CVE-2020-11206

Name of the Vulnerable Software and Affected Versions Snapdragon Auto versions APQ8098 through SM8350P Snapdragon Compute versions APQ8098 through SM8350P Snapdragon Consumer IOT versions APQ8098 through SM8350P Snapdragon Industrial IOT versions APQ8098 through SM8350P Snapdragon Mobile versions APQ8098 through SM8350P

Description The issue is related to a possible buffer overflow in Fastrpc while handling received parameters due to a lack of validation on input parameters. This could potentially affect a large number of devices worldwide, given the widespread use of Snapdragon chips in various products.

Recommendations For Snapdragon Auto, update to a version that includes input validation for received parameters in Fastrpc. For Snapdragon Compute, update to a version that includes input validation for received parameters in Fastrpc. For Snapdragon Consumer IOT, update to a version that includes input validation for received parameters in Fastrpc. For Snapdragon Industrial IOT, update to a version that includes input validation for received parameters in Fastrpc. For Snapdragon Mobile, update to a version that includes input validation for received parameters in Fastrpc. As a temporary workaround, consider disabling the Fastrpc function until a patch is available. Restrict access to the Fastrpc module to minimize the risk of exploitation.