CVE-2020-11178

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified)

Description The issue allows trusted apps to overwrite the CPZ memory of another use-case. This is possible because the TrustZone (TZ) only checks if the physical address is not overlapping with its memory and its Root of Trust (RoT) memory. The affected products include Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wired Infrastructure and Networking.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.