CVE-2020-3615

Name of the Vulnerable Software and Affected Versions Snapdragon Auto versions APQ8009 through SDX55 Snapdragon Compute versions APQ8009 through SDX55 Snapdragon Consumer Electronics Connectivity versions APQ8009 through SDX55 Snapdragon Consumer IOT versions APQ8009 through SDX55 Snapdragon Industrial IOT versions APQ8009 through SDX55 Snapdragon Mobile versions APQ8009 through SDX55

Description The issue arises when valid deauth/disassoc frames are dropped due to improper enum values used to check the frame subtype, specifically when RMF is enabled and a rogue peer sends rogue deauth/disassoc frames. This affects various Snapdragon products.

Recommendations For Snapdragon Auto, update the firmware to properly handle enum values for frame subtype checking. For Snapdragon Compute, update the firmware to properly handle enum values for frame subtype checking. For Snapdragon Consumer Electronics Connectivity, update the firmware to properly handle enum values for frame subtype checking. For Snapdragon Consumer IOT, update the firmware to properly handle enum values for frame subtype checking. For Snapdragon Industrial IOT, update the firmware to properly handle enum values for frame subtype checking. For Snapdragon Mobile, update the firmware to properly handle enum values for frame subtype checking. As a temporary workaround, consider disabling RMF until a patch is available. Restrict access to rogue peers to minimize the risk of exploitation.