Description
Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin
Scores
CVSS v3
9.1
EPSS
0.0018
EPSS Percentile
38.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (20)
qualcomm/apq8009_firmware
qualcomm/apq8096au_firmware
qualcomm/ipq4019_firmware
qualcomm/ipq6018_firmware
qualcomm/ipq8064_firmware
qualcomm/ipq8074_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9207c_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9640_firmware
... and 10 more
Published
Apr 16, 2020
Tracked Since
Feb 18, 2026