PT-2020-12593 · Qualcomm · Snapdragon Industrial IOT and 4 more

Published: 2020-11-12 · Updated: 2021-12-23 · CVE-2020-11202

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Snapdragon Auto versions QCM6125 through SM8150P
Snapdragon Compute versions QCM6125 through SM8150P
Snapdragon Consumer IOT versions QCM6125 through SM8150P
Snapdragon Industrial IOT versions QCM6125 through SM8150P
Snapdragon Mobile versions QCM6125 through SM8150P

Description

A buffer overflow/underflow occurs because the library typecasts a buffer passed internally by the CPU in a way that does not match the actual size of the structure. This issue affects various Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, and Mobile, in multiple chipsets.

Recommendations

For Snapdragon Auto versions QCM6125 through SM8150P, update to a version that aligns the buffer size with the actual structure size to prevent buffer overflow/underflow.
For Snapdragon Compute versions QCM6125 through SM8150P, ensure proper buffer handling to prevent typecasting issues.
For Snapdragon Consumer IOT versions QCM6125 through SM8150P, apply configuration changes to align buffer sizes with structure sizes.
For Snapdragon Industrial IOT versions QCM6125 through SM8150P, restrict access to vulnerable library functions until a patch is available.
For Snapdragon Mobile versions QCM6125 through SM8150P, consider disabling vulnerable features temporarily until a fix is applied.
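
The bug class named in the description, shown as an added C example that is not Qualcomm's code and not part of the original entry: a caller-supplied buffer is cast to a structure type without comparing its length to the structure size, next to a size-checked form. The names struct cmd_msg, parse_unchecked and parse_checked are hypothetical; the entry does not publish the affected structure or function.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size message; the real structure is not published. */
struct cmd_msg {
    uint32_t id;
    uint32_t flags;
    uint32_t payload_len;          /* untrusted length field */
    uint8_t  payload[16];
};

/* Pattern from the description, for contrast only: the buffer is cast to the
 * structure type and len is never compared with sizeof(struct cmd_msg), so the
 * copy touches memory outside a buffer that is shorter than the structure. */
int parse_unchecked(const void *buf, size_t len, struct cmd_msg *out)
{
    (void)len;
    *out = *(const struct cmd_msg *)buf;
    return 0;
}

/* Hardened form: returns 0 on success, -1 on size mismatch or NULL argument,
 * -2 when the embedded length field exceeds the payload array. */
int parse_checked(const void *buf, size_t len, struct cmd_msg *out)
{
    if (buf == NULL || out == NULL)
        return -1;
    if (len != sizeof(struct cmd_msg))   /* fixed-size message: reject any mismatch */
        return -1;
    memcpy(out, buf, sizeof(*out));      /* copy once; no misaligned field access */
    if (out->payload_len > sizeof(out->payload))
        return -2;
    return 0;
}

int main(void)
{
    struct cmd_msg in = {0}, out;        /* constructed sample input */
    uint8_t short_buf[8] = {0};          /* shorter than the structure */

    in.id = 7;
    in.payload_len = 4;
    if (parse_checked(&in, sizeof in, &out) != 0)
        return 1;
    if (parse_checked(short_buf, sizeof short_buf, &out) != -1)
        return 1;
    return 0;
}
```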

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2020-11202

Affected Products

Snapdragon Auto
Snapdragon Compute
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile