CVE-2020-27485

Name of the Vulnerable Software and Affected Versions Garmin Forerunner 235 versions prior to 8.20

Description The issue is related to an array index error in the ConnectIQ TVM component. To exploit this, an attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions, allowing read and write access to memory outside the bounds of the TVM context allocation. This can be used to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.

Recommendations For Garmin Forerunner 235 versions prior to 8.20, update to version 8.20 or later to resolve the issue. As a temporary workaround, consider restricting the installation of ConnectIQ applications from untrusted sources to minimize the risk of exploitation.