CVE-2020-11122

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions (affected versions not specified) Qualcomm Snapdragon Consumer IOT versions (affected versions not specified) Qualcomm Snapdragon Mobile versions (affected versions not specified) Affected chipsets include APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130

Description: The issue is related to a null pointer exception that occurs when playing a crafted mkv file, which can lead to a data stream being deleted due to an invalid secondary configuration. This is associated with a software vulnerability in Qualcomm embedded platforms that involves dereferencing an untrusted pointer. Exploitation of this issue could allow a remote attacker to execute arbitrary code or cause a denial of service by playing specially crafted MKV files.

Recommendations: For Qualcomm Snapdragon Auto, consider disabling the playback of mkv files until a patch is available. For Qualcomm Snapdragon Consumer IOT, restrict access to the mkv file playback feature to minimize the risk of exploitation. For Qualcomm Snapdragon Mobile, avoid using the affected data stream configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.