CVE-2020-3670

Name of the Vulnerable Software and Affected Versions Snapdragon Auto versions Agatti through SXR1130 Snapdragon Compute versions Agatti through SXR1130 Snapdragon Consumer IOT versions Agatti through SXR1130 Snapdragon Industrial IOT versions Agatti through SXR1130 Snapdragon Mobile versions Agatti through SXR1130 Snapdragon Wearables versions Agatti through SXR1130

Description The issue is related to a potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container.

Recommendations For Snapdragon Auto, update to a version that includes the fix for the improper length check of Information Element(IEI) NAS message container. For Snapdragon Compute, update to a version that includes the fix for the improper length check of Information Element(IEI) NAS message container. For Snapdragon Consumer IOT, update to a version that includes the fix for the improper length check of Information Element(IEI) NAS message container. For Snapdragon Industrial IOT, update to a version that includes the fix for the improper length check of Information Element(IEI) NAS message container. For Snapdragon Mobile, update to a version that includes the fix for the improper length check of Information Element(IEI) NAS message container. For Snapdragon Wearables, update to a version that includes the fix for the improper length check of Information Element(IEI) NAS message container. At the moment, there is no information about a newer version that contains a fix for this vulnerability.