CVE-2020-11261

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions prior to the fixed version Qualcomm Snapdragon Compute versions prior to the fixed version Qualcomm Snapdragon Connectivity versions prior to the fixed version Qualcomm Snapdragon Consumer IOT versions prior to the fixed version Qualcomm Snapdragon Industrial IOT versions prior to the fixed version Qualcomm Snapdragon Mobile versions prior to the fixed version Qualcomm Snapdragon Voice & Music versions prior to the fixed version Qualcomm Snapdragon Wearables versions prior to the fixed version

Description: The issue is related to a memory corruption problem due to an improper check to return an error when a user application requests memory allocation of a huge size. This is caused by insufficient input validation in the Qualcomm graphics component of the Android operating system. An attacker could exploit this issue to execute arbitrary code using an installed application. There are indications that this issue may be under limited, targeted exploitation.

Recommendations: For Qualcomm Snapdragon Auto, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Compute, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Connectivity, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Consumer IOT, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Industrial IOT, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Mobile, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Voice & Music, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Wearables, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the allocation of large memory sizes to minimize the risk of exploitation.