CVE-2020-3628

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Consumer IOT versions prior to the fixed version Qualcomm Snapdragon Mobile in APQ8053 versions prior to the fixed version Qualcomm Rennell versions prior to the fixed version Qualcomm SDX20 versions prior to the fixed version

Description The issue is related to improper access due to a socket opened by the logging application without specifying the localhost address. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Qualcomm Snapdragon Consumer IOT, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Mobile in APQ8053, update to a version that includes the fix for this issue. For Qualcomm Rennell, update to a version that includes the fix for this issue. For Qualcomm SDX20, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the logging application until a patch is available.