← Back
CVE-2020-26139
CVE-2020-26139
AI summary snake-internal / snake-template-v1
A weakness called CVE-2020-26139 was discovered in the affected product.
Severity is Info. Low severity or not yet rated.
What you should do: update the affected software to the latest version. If unsure, ask your IT team or search the vendor's site for "the product CVE-2020-26139".
CVE-2020-26139 (the affected product). Severity: Info.
Response plan:
1. Check the vendor advisory for affected versions and the patched release.
2. If a vulnerable version is running in production, schedule maintenance (urgency from KEV/CVSS).
3. If no patch yet, mitigate via WAF rule, disabling the affected feature, etc.
4. Monitor logs / SIEM for known IOC and PoC signatures of this CVE.
PoCs and fix commits: see the 'References' section, MITRE, and NVD.
❓ What is the problem
A weakness (CVE-2020-26139) in the affected product. A serious software flaw has been identified.
📍 Affected scope
Target versions of the affected product (see vendor advisory). If running in production, identify exposure immediately.
🔥 Severity
Severity: Info. Low severity or not yet rated.
🔧 How to fix
Update to the patched release as listed in the vendor advisory.
🛡️ Workaround
If a patch is not yet available, consider disabling the affected feature, applying WAF rules, blocking via network ACLs, or isolating the vulnerable version.
🔍 Detection
Check version information, scan dependencies via SBOM, and monitor SIEM for IOC and PoC signatures related to this CVE.
Affected packages
Android
platform/vendor/qcom-opensource/wlan/prima
[{"type":"ECOSYSTEM","events":[{"introduced":"SoCVersion:0"},{"fixed":"SoCVersion:2021-10-05"}]}]
Android
platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn
[{"type":"ECOSYSTEM","events":[{"introduced":"SoCVersion:0"},{"fixed":"SoCVersion:2021-10-05"}]}]
Android
platform/vendor/qcom-opensource/wlan/qcacld-3.0
[{"type":"ECOSYSTEM","events":[{"introduced":"SoCVersion:0"},{"fixed":"SoCVersion:2021-10-05"}]}]
References
- advisory https://source.android.com/security/bulletin/2021-10-01
- patch https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=8c4c0044cb8d511efe55d4401f487b50e0de04f4
- patch https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/prima/commit/?id=61ae9720dc8a84bdc5466811369b67c17a20c92f
- patch https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24a8352dd0b31d638ff4e254c31c395a0f339fd6
- patch https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f0da752c4b30edb43f73002242c311fe7e2e6743
- patch https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f21a2e0aa527badd36fa29d4967ae2eae23209f3
- patch https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=71ca8fb995f1aebe07439a9805423fdd5c30584c
- patch https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=2e0c0010ed14d08018e002f62f62742311f76040
- patch https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=6c720adf287350c6a14ff7ca085d72d9370bd4f7
- patch https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=fb8e58901cffa4f1ad5c9f6d1064041760813f8f
- patch https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=4d9d43c405db53c715985259ea0ab2b401b1684b