CVE-2020-3684

Name of the Vulnerable Software and Affected Versions Snapdragon Auto (affected versions not specified) Snapdragon Compute (affected versions not specified) Snapdragon Connectivity (affected versions not specified) Snapdragon Consumer IOT (affected versions not specified) Snapdragon Industrial IOT (affected versions not specified) Snapdragon Mobile (affected versions not specified) Snapdragon Voice & Music (affected versions not specified) Snapdragon Wired Infrastructure and Networking (affected versions not specified) Agatti (affected versions not specified) APQ8009 (affected versions not specified) APQ8098 (affected versions not specified) Bitra (affected versions not specified) IPQ6018 (affected versions not specified) Kamorta (affected versions not specified) MDM9150 (affected versions not specified) MDM9205 (affected versions not specified) MDM9206 (affected versions not specified) MDM9607 (affected versions not specified) MDM9650 (affected versions not specified) MSM8905 (affected versions not specified) MSM8998 (affected versions not specified) Nicobar (affected versions not specified) QCA6390 (affected versions not specified) QCS404 (affected versions not specified) QCS405 (affected versions not specified) QCS605 (affected versions not specified) QCS610 (affected versions not specified) Rennell (affected versions not specified) SA415M (affected versions not specified) SA515M (affected versions not specified) SA6155P (affected versions not specified) SA8155P (affected versions not specified) Saipan (affected versions not specified) SC7180 (affected versions not specified) SC8180X (affected versions not specified) SDA660 (affected versions not specified) SDA845 (affected versions not specified) SDM630 (affected versions not specified) SDM636 (affected versions not specified) SDM660 (affected versions not specified) SDM670 (affected versions not specified) SDM710 (affected versions not specified) SDM845 (affected versions not specified) SDM850 (affected versions not specified) SDX20 (affected versions not specified) SDX24 (affected versions not specified) SDX55 (affected versions not specified) SM6150 (affected versions not specified) SM7150 (affected versions not specified) SM8150 (affected versions not specified) SM8250 (affected versions not specified) SXR1130 (affected versions not specified) SXR2130 (affected versions not specified)

Description QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation. This issue affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wired Infrastructure and Networking, as well as multiple specific chipsets.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.