CVE-2020-11162

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Description The issue is related to a possible buffer overflow in the MHI driver due to a lack of input parameter validation of EOT events received from the MHI device side. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, and Snapdragon Wired Infrastructure and Networking.

Recommendations For the affected Qualcomm Snapdragon versions, update to a version that includes input parameter validation for EOT events received from the MHI device side to prevent buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.