CVE-2020-3622 [High] | Out-of-bounds Write in Apq8009

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.05%	0.19%	+0.14%
2	2025-03-17	0.04%	0.05%	+0.01%
3	2023-03-07	—	0.04%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.05%

0.19%

+0.14%

2025-03-17

0.04%

0.05%

+0.01%

2023-03-07

—

0.04%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.8	3.1	HIGH	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	5.9	[email protected]
4.6	2.0	MEDIUM	`AV:L/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	3.9	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.8

3.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.8

5.9

[email protected]

4.6

2.0

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

3.9

6.4

[email protected]

Affected software / configurations for CVE-2020-3622

Vendor	Product	Version	Raw CPE
qualcomm	apq8009	—	cpe:2.3:h:qualcomm:apq8009:-:::::::*
qualcomm	apq8017	—	cpe:2.3:h:qualcomm:apq8017:-:::::::*
qualcomm	apq8053	—	cpe:2.3:h:qualcomm:apq8053:-:::::::*
qualcomm	apq8096au	—	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
qualcomm	apq8098	—	cpe:2.3:h:qualcomm:apq8098:-:::::::*
qualcomm	bitra	—	cpe:2.3:h:qualcomm:bitra:-:::::::*
qualcomm	ipq6018	—	cpe:2.3:h:qualcomm:ipq6018:-:::::::*
qualcomm	ipq8074	—	cpe:2.3:h:qualcomm:ipq8074:-:::::::*
qualcomm	kamorta	—	cpe:2.3:h:qualcomm:kamorta:-:::::::*
qualcomm	mdm9150	—	cpe:2.3:h:qualcomm:mdm9150:-:::::::*
qualcomm	mdm9205	—	cpe:2.3:h:qualcomm:mdm9205:-:::::::*
qualcomm	mdm9206	—	cpe:2.3:h:qualcomm:mdm9206:-:::::::*
qualcomm	mdm9607	—	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
qualcomm	mdm9640	—	cpe:2.3:h:qualcomm:mdm9640:-:::::::*
qualcomm	mdm9645	—	cpe:2.3:h:qualcomm:mdm9645:-:::::::*
qualcomm	mdm9650	—	cpe:2.3:h:qualcomm:mdm9650:-:::::::*
qualcomm	mdm9655	—	cpe:2.3:h:qualcomm:mdm9655:-:::::::*
qualcomm	msm8905	—	cpe:2.3:h:qualcomm:msm8905:-:::::::*
qualcomm	msm8909	—	cpe:2.3:h:qualcomm:msm8909:-:::::::*
qualcomm	msm8917	—	cpe:2.3:h:qualcomm:msm8917:-:::::::*
qualcomm	msm8920	—	cpe:2.3:h:qualcomm:msm8920:-:::::::*
qualcomm	msm8937	—	cpe:2.3:h:qualcomm:msm8937:-:::::::*
qualcomm	msm8940	—	cpe:2.3:h:qualcomm:msm8940:-:::::::*
qualcomm	msm8953	—	cpe:2.3:h:qualcomm:msm8953:-:::::::*
qualcomm	msm8996	—	cpe:2.3:h:qualcomm:msm8996:-:::::::*
qualcomm	msm8996au	—	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
qualcomm	msm8998	—	cpe:2.3:h:qualcomm:msm8998:-:::::::*
qualcomm	nicobar	—	cpe:2.3:h:qualcomm:nicobar:-:::::::*
qualcomm	qca8081	—	cpe:2.3:h:qualcomm:qca8081:-:::::::*
qualcomm	qcm2150	—	cpe:2.3:h:qualcomm:qcm2150:-:::::::*
qualcomm	qcn7605	—	cpe:2.3:h:qualcomm:qcn7605:-:::::::*
qualcomm	qcs404	—	cpe:2.3:h:qualcomm:qcs404:-:::::::*
qualcomm	qcs405	—	cpe:2.3:h:qualcomm:qcs405:-:::::::*
qualcomm	qcs605	—	cpe:2.3:h:qualcomm:qcs605:-:::::::*
qualcomm	qcs610	—	cpe:2.3:h:qualcomm:qcs610:-:::::::*
qualcomm	qm215	—	cpe:2.3:h:qualcomm:qm215:-:::::::*
qualcomm	rennell	—	cpe:2.3:h:qualcomm:rennell:-:::::::*
qualcomm	sa415m	—	cpe:2.3:h:qualcomm:sa415m:-:::::::*
qualcomm	sa6155p	—	cpe:2.3:h:qualcomm:sa6155p:-:::::::*
qualcomm	saipan	—	cpe:2.3:h:qualcomm:saipan:-:::::::*
qualcomm	sc7180	—	cpe:2.3:h:qualcomm:sc7180:-:::::::*
qualcomm	sc8180x	—	cpe:2.3:h:qualcomm:sc8180x:-:::::::*
qualcomm	sda660	—	cpe:2.3:h:qualcomm:sda660:-:::::::*
qualcomm	sda845	—	cpe:2.3:h:qualcomm:sda845:-:::::::*
qualcomm	sdm429	—	cpe:2.3:h:qualcomm:sdm429:-:::::::*
qualcomm	sdm429w	—	cpe:2.3:h:qualcomm:sdm429w:-:::::::*
qualcomm	sdm439	—	cpe:2.3:h:qualcomm:sdm439:-:::::::*
qualcomm	sdm450	—	cpe:2.3:h:qualcomm:sdm450:-:::::::*
qualcomm	sdm630	—	cpe:2.3:h:qualcomm:sdm630:-:::::::*
qualcomm	sdm632	—	cpe:2.3:h:qualcomm:sdm632:-:::::::*
qualcomm	sdm636	—	cpe:2.3:h:qualcomm:sdm636:-:::::::*
qualcomm	sdm660	—	cpe:2.3:h:qualcomm:sdm660:-:::::::*
qualcomm	sdm670	—	cpe:2.3:h:qualcomm:sdm670:-:::::::*
qualcomm	sdm710	—	cpe:2.3:h:qualcomm:sdm710:-:::::::*
qualcomm	sdm845	—	cpe:2.3:h:qualcomm:sdm845:-:::::::*
qualcomm	sdm850	—	cpe:2.3:h:qualcomm:sdm850:-:::::::*
qualcomm	sdx20	—	cpe:2.3:h:qualcomm:sdx20:-:::::::*
qualcomm	sdx24	—	cpe:2.3:h:qualcomm:sdx24:-:::::::*
qualcomm	sdx55	—	cpe:2.3:h:qualcomm:sdx55:-:::::::*
qualcomm	sm6150	—	cpe:2.3:h:qualcomm:sm6150:-:::::::*
qualcomm	sm7150	—	cpe:2.3:h:qualcomm:sm7150:-:::::::*
qualcomm	sm8150	—	cpe:2.3:h:qualcomm:sm8150:-:::::::*
qualcomm	sm8250	—	cpe:2.3:h:qualcomm:sm8250:-:::::::*
qualcomm	sxr1130	—	cpe:2.3:h:qualcomm:sxr1130:-:::::::*
qualcomm	sxr2130	—	cpe:2.3:h:qualcomm:sxr2130:-:::::::*
qualcomm	apq8009_firmware	—	cpe:2.3:o:qualcomm:apq8009_firmware:-:::::::*
qualcomm	apq8017_firmware	—	cpe:2.3:o:qualcomm:apq8017_firmware:-:::::::*
qualcomm	apq8053_firmware	—	cpe:2.3:o:qualcomm:apq8053_firmware:-:::::::*
qualcomm	apq8096au_firmware	—	cpe:2.3:o:qualcomm:apq8096au_firmware:-:::::::*
qualcomm	apq8098_firmware	—	cpe:2.3:o:qualcomm:apq8098_firmware:-:::::::*
qualcomm	bitra_firmware	—	cpe:2.3:o:qualcomm:bitra_firmware:-:::::::*
qualcomm	ipq6018_firmware	—	cpe:2.3:o:qualcomm:ipq6018_firmware:-:::::::*
qualcomm	ipq8074_firmware	—	cpe:2.3:o:qualcomm:ipq8074_firmware:-:::::::*
qualcomm	kamorta_firmware	—	cpe:2.3:o:qualcomm:kamorta_firmware:-:::::::*
qualcomm	mdm9150_firmware	—	cpe:2.3:o:qualcomm:mdm9150_firmware:-:::::::*
qualcomm	mdm9205_firmware	—	cpe:2.3:o:qualcomm:mdm9205_firmware:-:::::::*
qualcomm	mdm9206_firmware	—	cpe:2.3:o:qualcomm:mdm9206_firmware:-:::::::*
qualcomm	mdm9607_firmware	—	cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::*
qualcomm	mdm9640_firmware	—	cpe:2.3:o:qualcomm:mdm9640_firmware:-:::::::*
qualcomm	mdm9645_firmware	—	cpe:2.3:o:qualcomm:mdm9645_firmware:-:::::::*

References for CVE-2020-3622

URL	Tags
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin	Broken Link
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin	Vendor Advisory

URL

CVE-2020-3622

Exploit prediction scoring system (EPSS) score for CVE-2020-3622

Common vulnerability scoring system (CVSS) metrics for CVE-2020-3622

Weakness enumeration for CVE-2020-3622

Affected software / configurations for CVE-2020-3622

References for CVE-2020-3622