CVE-2020-11125

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions prior to the fixed version Qualcomm Snapdragon Compute versions prior to the fixed version Qualcomm Snapdragon Connectivity versions prior to the fixed version Qualcomm Snapdragon Consumer IOT versions prior to the fixed version Qualcomm Snapdragon Industrial IOT versions prior to the fixed version Qualcomm Snapdragon Mobile versions prior to the fixed version Qualcomm Snapdragon Voice & Music versions prior to the fixed version Qualcomm Snapdragon Wearables versions prior to the fixed version Qualcomm Snapdragon Wired Infrastructure and Networking versions prior to the fixed version Agatti (affected versions not specified) APQ8009 (affected versions not specified) Bitra (affected versions not specified) IPQ4019 (affected versions not specified) IPQ5018 (affected versions not specified) IPQ6018 (affected versions not specified) IPQ8064 (affected versions not specified) IPQ8074 (affected versions not specified) Kamorta (affected versions not specified) MDM9150 (affected versions not specified) MDM9607 (affected versions not specified) MDM9650 (affected versions not specified) MSM8905 (affected versions not specified) MSM8917 (affected versions not specified) MSM8953 (affected versions not specified) Nicobar (affected versions not specified) QCA6390 (affected versions not specified) QCA9531 (affected versions not specified) QCM2150 (affected versions not specified) QCS404 (affected versions not specified) QCS405 (affected versions not specified) QCS605 (affected versions not specified) QCS610 (affected versions not specified) QM215 (affected versions not specified) QRB5165 (affected versions not specified) Rennell (affected versions not specified) SA415M (affected versions not specified) SA515M (affected versions not specified) SA6155P (affected versions not specified) SA8155P (affected versions not specified) Saipan (affected versions not specified) SC8180X (affected versions not specified) SDM429 (affected versions not specified) SDM429W (affected versions not specified) SDM439 (affected versions not specified) SDM450 (affected versions not specified) SDM632 (affected versions not specified) SDM660 (affected versions not specified) SDM670 (affected versions not specified) SDM710 (affected versions not specified) SDM845 (affected versions not specified) SDX55 (affected versions not specified) SM6150 (affected versions not specified) SM7150 (affected versions not specified) SM8150 (affected versions not specified) SM8250 (affected versions not specified) SXR1130 (affected versions not specified) SXR2130 (affected versions not specified)

Description The issue is related to out of bound access in the MHI command process due to a lack of check of the channel id value received from MHI devices.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.