CVE-2020-3699

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions APQ8009 through SDM845 Qualcomm Snapdragon Compute versions APQ8009 through SDM845 Qualcomm Snapdragon Consumer Electronics Connectivity versions APQ8009 through SDM845 Qualcomm Snapdragon Consumer IOT versions APQ8009 through SDM845 Qualcomm Snapdragon Industrial IOT versions APQ8009 through SDM845 Qualcomm Snapdragon Mobile versions APQ8009 through SDM845 Qualcomm Snapdragon Voice & Music versions APQ8009 through SDM845 Qualcomm Snapdragon Wearables versions APQ8009 through SDM845

Description The issue is related to possible out of bound access while processing assoc response from host due to improper length check before copying into buffer. This could potentially affect a large number of devices worldwide, although the exact number is not specified.

Recommendations For Qualcomm Snapdragon Auto versions APQ8009 through SDM845, update to a version with proper length check before copying into buffer. For Qualcomm Snapdragon Compute versions APQ8009 through SDM845, update to a version with proper length check before copying into buffer. For Qualcomm Snapdragon Consumer Electronics Connectivity versions APQ8009 through SDM845, update to a version with proper length check before copying into buffer. For Qualcomm Snapdragon Consumer IOT versions APQ8009 through SDM845, update to a version with proper length check before copying into buffer. For Qualcomm Snapdragon Industrial IOT versions APQ8009 through SDM845, update to a version with proper length check before copying into buffer. For Qualcomm Snapdragon Mobile versions APQ8009 through SDM845, update to a version with proper length check before copying into buffer. For Qualcomm Snapdragon Voice & Music versions APQ8009 through SDM845, update to a version with proper length check before copying into buffer. For Qualcomm Snapdragon Wearables versions APQ8009 through SDM845, update to a version with proper length check before copying into buffer.