CVE-2020-3678

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130

Description A buffer overflow could occur due to improper use of the API, as the UIE init does not contain a buffer size parameter. This issue affects various Qualcomm Snapdragon products, including Consumer IOT, Industrial IOT, Mobile, and Wired Infrastructure and Networking.

Recommendations For Qualcomm Snapdragon versions in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130, consider restricting access to the API until a proper fix is implemented to prevent buffer overflow. As a temporary workaround, consider implementing buffer size validation for the UIE init parameter to minimize the risk of exploitation.