A heap overflow vulnerability in Qualcomm Snapdragon 855 modem system-on-chips used in Android devices could let malicious people run arbitrary code on unsuspecting users’ devices, according to Check Point. The vuln, tracked as CVE-2020-11292, can be abused to trigger a heap overflow in devices that use a Qualcomm Mobile Station Modem (MSM) chip, thanks to some in-depth jiggery-pokery in the Qualcomm MSM Interface (QMI) voice service API.
Read full article on The Register