What is CVE-2020-3671?

CVE-2020-3671 is a critical-severity vulnerability in Qualcomm Apq8009, classified under Use After Free. CVSS score: 9.8/10. Published 2020-07-30.

How severe is CVE-2020-3671?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Use After Free in Qualcomm Apq8009

CVE-2020-3671

Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar…

Vulnerability class: Use-After-Free

EPSS: 0.009 (55.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Qualcomm Apq8009
Qualcomm Apq8009_firmware
Qualcomm Nicobar
Qualcomm Nicobar_firmware
Qualcomm Qcm2150
Qualcomm Qcm2150_firmware
Qualcomm Qcs405
Qualcomm Qcs405_firmware
Qualcomm Saipan
Qualcomm Saipan_firmware

Weakness classification (CWE)

CWE-416 — Use After Free

References

product-security@qualcomm.com (x_refsource_CONFIRM, Broken Link)
nvd@nist.gov (Vendor Advisory)

Frequently asked questions

What is CVE-2020-3671?: CVE-2020-3671 is a critical-severity vulnerability in Qualcomm Apq8009, classified under Use After Free. CVSS score: 9.8/10. Published 2020-07-30.
How severe is CVE-2020-3671?: Critical severity. CVSS v3 base score is 9.8 out of 10.