CVEs-PoC/2020/CVE-2020-3625.md

### [CVE-2020-3625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3625)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Auto%2C%20Snapdragon%20Consumer%20IOT%2C%20Snapdragon%20Mobile&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Buffer%20Copy%20Without%20Checking%20Size%20of%20Input%20in%20DSP%20Services&color=brighgreen)

### Description

When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250, SXR2130

### POC

#### Reference
- https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

#### Github
No PoCs found on GitHub currently.