PT-2020-12594 · Qualcomm · Snapdragon Mobile+2

Published 2020-11-12 · Updated 2021-07-21 · CVE-2020-11205

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Snapdragon Auto versions QSM8350
Snapdragon Compute versions SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M
Snapdragon Mobile versions SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Description

The issue is related to a possible integer overflow to heap overflow while processing a command due to the lack of a check of the packet length received. This can potentially lead to exploitation.

Recommendations

For Snapdragon Auto version QSM8350, update to a version that includes a fix for the packet length check issue.
For Snapdragon Compute versions SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, consider implementing additional validation for packet lengths to prevent potential overflows until a patch is available.
For Snapdragon Mobile versions SM8250, SM8350, SM8350P, SXR2130, SXR2130P, restrict access to commands that could trigger the integer overflow until a fixed version is released.
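The bug class named in the description and the packet length validation named in the recommendations, as an added example that is not Qualcomm's code: the advisory does not publish the command format, so the header layout, the field sizes and the names `parse_cmd`, `unchecked_alloc_size`, `HDR_LEN` and `ENTRY_LEN` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN   8u   /* hypothetical header: u32 cmd_id, u32 entry_count */
#define ENTRY_LEN 8u   /* hypothetical fixed entry size */

/* The flawed pattern: the 32-bit multiply wraps, so the buffer is undersized. */
uint32_t unchecked_alloc_size(uint32_t entry_count)
{
    return entry_count * ENTRY_LEN;      /* 0x20000001 * 8 wraps to 8 */
}

static uint32_t rd32(const uint8_t *p)   /* little-endian read */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hardened: returns 0 and a heap copy of the entries, or -1 on bad input. */
int parse_cmd(const uint8_t *pkt, size_t pkt_len, uint8_t **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (pkt == NULL || pkt_len < HDR_LEN)
        return -1;                        /* too short to hold a header */
    uint32_t count = rd32(pkt + 4);
    /* Bound the count by the bytes actually received; division cannot wrap. */
    if (count == 0 || count > (pkt_len - HDR_LEN) / ENTRY_LEN)
        return -1;
    size_t need = (size_t)count * ENTRY_LEN;   /* safe: need <= pkt_len */
    uint8_t *buf = malloc(need);
    if (buf == NULL)
        return -1;
    memcpy(buf, pkt + HDR_LEN, need);
    *out = buf; *out_len = need;
    return 0;
}

int main(void)
{
    /* Constructed packet: claims 0x20000001 entries but carries only one. */
    uint8_t pkt[HDR_LEN + ENTRY_LEN] = {1,0,0,0, 0x01,0,0,0x20};
    uint8_t *out; size_t n;
    int rejected = parse_cmd(pkt, sizeof pkt, &out, &n) == -1;
    pkt[7] = 0;                           /* honest count of 1 */
    int accepted = parse_cmd(pkt, sizeof pkt, &out, &n) == 0 && n == ENTRY_LEN;
    free(out);
    return (rejected && accepted) ? 0 : 1;
}
```

The check compares the claimed count against the received length by division, so no intermediate product exists that could wrap before the comparison.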

Fix

Integer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-11205

Affected Products

Snapdragon Auto
Snapdragon Compute
Snapdragon Mobile