CVE-2020-11116

Name of the Vulnerable Software and Affected Versions Snapdragon Auto versions APQ8009 through SM8250 Snapdragon Compute versions APQ8009 through SM8250 Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250 Snapdragon Consumer IOT versions APQ8009 through SM8250 Snapdragon Industrial IOT versions APQ8009 through SM8250 Snapdragon Mobile versions APQ8009 through SM8250 Snapdragon Voice & Music versions APQ8009 through SM8250 Snapdragon Wearables versions APQ8009 through SM8250

Description The issue is related to a possible out of bound write while processing association response received from host due to lack of check of IE length. This affects various Snapdragon products.

Recommendations For Snapdragon Auto versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound write issue. For Snapdragon Compute versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound write issue. For Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound write issue. For Snapdragon Consumer IOT versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound write issue. For Snapdragon Industrial IOT versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound write issue. For Snapdragon Mobile versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound write issue. For Snapdragon Voice & Music versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound write issue. For Snapdragon Wearables versions APQ8009 through SM8250, update to a version that includes the fix for the out of bound write issue.