CVE-2020-11121

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Description The issue is related to a possible buffer overflow in the WIFI hal process due to the usage of memcpy without checking the length of the destination buffer. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile.

Recommendations For Qualcomm Snapdragon versions QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, consider implementing buffer length checks for the memcpy function to prevent potential overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.