CVE-2020-3665

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150

Description A possible buffer overflow would occur while processing a command from firmware due to the group id obtained from the firmware being out of range in various Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables.

Recommendations For Qualcomm Snapdragon versions APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150, consider disabling the processing of commands from firmware until a patch is available. As a temporary workaround, restrict access to the firmware interface to minimize the risk of exploitation. Avoid using the group id obtained from the firmware in the affected command processing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.