Strix
26.1K

CVE-2020-3685

HIGHCVSS 7.5/10EPSS 0.92%

Last modified

CVE-2020-3685 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. EPSS estimates a 0.92% chance of exploitation in the next 30 days.

Description

Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.92%

55.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
QualcommApq8009All versions
QualcommApq8009wAll versions
QualcommApq8017All versions
QualcommApq8030All versions
QualcommApq8037All versions
QualcommApq8052All versions
QualcommApq8053All versions
QualcommApq8056All versions
QualcommApq8060aAll versions
QualcommApq8062All versions
QualcommApq8064All versions
QualcommApq8064auAll versions
QualcommApq8076All versions
QualcommApq8084All versions
QualcommApq8096auAll versions
QualcommAqt1000All versions
QualcommAr6003All versions
QualcommAr8031All versions
QualcommAr8035All versions
QualcommAr8151All versions
QualcommAr9374All versions
QualcommCsra6620All versions
QualcommCsra6640All versions
QualcommCsrb31024All versions
QualcommMdm8215All versions
QualcommMdm8215mAll versions
QualcommMdm8615mAll versions
QualcommMdm8635mAll versions
QualcommMdm9206All versions
QualcommMdm9215All versions
QualcommMdm9225All versions
QualcommMdm9225mAll versions
QualcommMdm9230All versions
QualcommMdm9235mAll versions
QualcommMdm9310All versions
QualcommMdm9330All versions
QualcommMdm9607All versions
QualcommMdm9615All versions
QualcommMdm9615mAll versions
QualcommMdm9625All versions
QualcommMdm9625mAll versions
QualcommMdm9628All versions
QualcommMdm9630All versions
QualcommMdm9635mAll versions
QualcommMdm9640All versions
QualcommMdm9645All versions
QualcommMdm9650All versions
QualcommMdm9655All versions
QualcommMpq8064All versions
QualcommMsm8108All versions

Showing 50 of 506 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-3685?
Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
How severe is CVE-2020-3685?
CVE-2020-3685 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.92% probability of exploitation in the next 30 days.
How do I fix CVE-2020-3685?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-3685?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST