Snapdragon Auto Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) Vulnerability

Summary

Snapdragon Auto suffers from buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin


Details

Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150

 

Vulnerable Systems:

Snapdragon Auto

Snapdragon Compute

Snapdragon Consumer IOT

Snapdragon Industrial IOT

Snapdragon IoT

Snapdragon Mobile

Snapdragon Voice & Music

Snapdragon Wearables

 

CVE Information:

CVE-2020-3616

Disclosure Timeline:
Published Date:6/2/2020

Categories: FeaturedNews