PT-2020-12586 · Qualcomm · Snapdragon Connectivity+8
Published: 2020-11-02 · Updated: 2020-11-06 · CVE-2020-11174
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Snapdragon Auto versions Agatti through SM8250
Snapdragon Compute versions APQ8009 through SDX55
Snapdragon Connectivity versions IPQ4019 through QCS605
Snapdragon Consumer IOT versions QCA6390 through SA8155P
Snapdragon Industrial IOT versions QCA9531 through SC8180X
Snapdragon Mobile versions MSM8905 through SDM845
Snapdragon Voice & Music versions QCM2150 through SXR2130
Snapdragon Wearables versions SA415M through SDM670
Snapdragon Wired Infrastructure and Networking versions Bitra through SM6150
Description
The issue is an array index underflow in the adsp driver due to an improper check of the channel id before it is used as an array index. This affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking.
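An added illustration of the bug class described above, not Qualcomm's driver code and not part of the original advisory. The table size, struct and function names are hypothetical; it contrasts an upper-bound-only check on a signed channel id with checks that also reject negative ids.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define NUM_CHANNELS 8 /* hypothetical table size, not from the advisory */

struct channel { uint32_t in_use; uint32_t session; }; /* hypothetical */
static struct channel channels[NUM_CHANNELS];

/* Flawed pattern: a signed id is compared against the upper bound only,
 * so every negative id passes. Returns 1 when the id is accepted. */
int flawed_cid_ok(int cid)
{
    return cid < NUM_CHANNELS;
}

/* Byte offset from the start of the table that channels[cid] would touch.
 * A negative result means memory located before the array. */
long cid_byte_offset(int cid)
{
    return (long)cid * (long)sizeof(struct channel);
}

/* Hardened: both bounds are checked before the id is used as an index. */
int channel_open(int cid, uint32_t session)
{
    if (cid < 0 || cid >= NUM_CHANNELS)
        return -EINVAL;
    if (channels[cid].in_use)
        return -EBUSY;
    channels[cid].in_use = 1;
    channels[cid].session = session;
    return 0;
}

/* Alternative: carry the id as unsigned, so a negative input becomes a
 * large value and a single upper-bound comparison rejects it. */
int channel_open_u(uint32_t cid, uint32_t session)
{
    if (cid >= NUM_CHANNELS)
        return -EINVAL;
    return channel_open((int)cid, session);
}

int main(void)
{
    printf("flawed accepts -1: %d, offset %ld\n", flawed_cid_ok(-1), cid_byte_offset(-1));
    printf("hardened open(-1): %d\n", channel_open(-1, 1));
    return 0;
}
```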
Recommendations
For Snapdragon Auto versions Agatti through SM8250, update the adsp driver to a version that properly checks the channel id before using it as an array index.
For Snapdragon Compute versions APQ8009 through SDX55, restrict access to the adsp driver until a patch is available.
For Snapdragon Connectivity versions IPQ4019 through QCS605, consider disabling the adsp driver as a temporary workaround until a fix is released.
For Snapdragon Consumer IOT versions QCA6390 through SA8155P, apply configuration changes to minimize the risk of exploitation.
For Snapdragon Industrial IOT versions QCA9531 through SC8180X, avoid using the vulnerable adsp driver until the issue is resolved.
For Snapdragon Mobile versions MSM8905 through SDM845, update to a newer version that includes the fix for the array index underflow issue.
For Snapdragon Voice & Music versions QCM2150 through SXR2130, restrict the use of the adsp driver to prevent potential exploitation.
For Snapdragon Wearables versions SA415M through SDM670, update the adsp driver to a version that includes the fix for the array index underflow issue.
For Snapdragon Wired Infrastructure and Networking versions Bitra through SM6150, apply the recommended patch to resolve the issue.
Fix
Improper Validation of Array Index
Weakness Enumeration
Related Identifiers
Affected Products
Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure/Networking