Snapdragon Auto Reachable Assertion Vulnerability

Summary

Snapdragon Auto suffers from reachable assertion vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin


Details

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8009, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SC8180X, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130

 

Vulnerable Systems:

Snapdragon Auto

Snapdragon Compute

Snapdragon Consumer Electronics Connectivity

Snapdragon Consumer IOT

Snapdragon Industrial IOT

 

CVE Information:

CVE-2020-3615

Disclosure Timeline:
Published Date:6/2/2020

Categories: FeaturedNews