CVE-2020-11128

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions APQ8009 through SDM845 Qualcomm Snapdragon Compute versions APQ8009 through SDM845 Qualcomm Snapdragon Consumer IOT versions APQ8009 through SDM845 Qualcomm Snapdragon Industrial IOT versions APQ8009 through SDM845 Qualcomm Snapdragon Mobile versions APQ8009 through SDM845 Qualcomm Snapdragon Voice & Music versions APQ8009 through SDM845 Qualcomm Snapdragon Wearables versions APQ8009 through SDM845

Description: The issue is related to a possible out of bound access while copying the mask file content into the buffer without checking the buffer size. This is due to the lack of buffer size checking during array indexing in the Diagnostic (DIAG) Mode implementation of Qualcomm's embedded software. Exploitation of this issue may allow an attacker to execute arbitrary code or cause a denial of service.

Recommendations: For Qualcomm Snapdragon Auto versions APQ8009 through SDM845, update the software to a version that includes the fix for the buffer size checking issue. For Qualcomm Snapdragon Compute versions APQ8009 through SDM845, update the software to a version that includes the fix for the buffer size checking issue. For Qualcomm Snapdragon Consumer IOT versions APQ8009 through SDM845, update the software to a version that includes the fix for the buffer size checking issue. For Qualcomm Snapdragon Industrial IOT versions APQ8009 through SDM845, update the software to a version that includes the fix for the buffer size checking issue. For Qualcomm Snapdragon Mobile versions APQ8009 through SDM845, update the software to a version that includes the fix for the buffer size checking issue. For Qualcomm Snapdragon Voice & Music versions APQ8009 through SDM845, update the software to a version that includes the fix for the buffer size checking issue. For Qualcomm Snapdragon Wearables versions APQ8009 through SDM845, update the software to a version that includes the fix for the buffer size checking issue. As a temporary workaround, consider disabling the Diagnostic (DIAG) Mode until a patch is available.