CVE-2020-3656 - Qualcomm Msm8917 Firmware, Qualcomm Rennell Firmware and Qualcomm Qcs605 Firmware

September 9, 2020

Critical 7.8

Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Affected software

Qualcomm Msm8917 Firmware

Qualcomm Rennell Firmware

Qualcomm Qcs605 Firmware

Qualcomm Saipan Firmware

Qualcomm Sdm450 Firmware

Qualcomm Sdm429w Firmware

Qualcomm Sc8180x Firmware

Qualcomm Sdm439 Firmware

Qualcomm Sdm429 Firmware

Qualcomm Sm8250 Firmware

Qualcomm Sm8150 Firmware

Qualcomm Sdx55 Firmware

Qualcomm Qcm2150 Firmware

Qualcomm Sm7150 Firmware

Qualcomm Apq8009 Firmware

Qualcomm Nicobar Firmware

Qualcomm Sdm710 Firmware

Qualcomm Sm6150 Firmware

Qualcomm Qm215 Firmware

Qualcomm Sa6155p Firmware

Qualcomm Sxr2130 Firmware

Qualcomm Sa8155p Firmware

Qualcomm Sdm632 Firmware

Qualcomm Kamorta Firmware

Qualcomm Sdm845 Firmware

Qualcomm Mdm9607 Firmware

Qualcomm Msm8953 Firmware

Qualcomm Qcs405 Firmware

Reference links

https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin

CVE-2020-3656 - Qualcomm Msm8917 Firmware, Qualcomm Rennell Firmware and Qualcomm Qcs605 Firmware

Affected software

Reference links

Get alerted to vulnerabilities in your software