CVEs-PoC/2020/CVE-2020-11208.md

### [CVE-2020-11208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11208)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Auto%2C%20Snapdragon%20Consumer%20IOT%2C%20Snapdragon%20Mobile&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Buffer%20Overflow%20in%20DSP%20Process&color=brighgreen)

### Description

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

### POC

#### Reference
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-11208