This page lists publicly disclosed CVE vulnerabilities affecting qualcomm msm8905_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-33070 | Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | [email protected] | 7.1 | 0.05% | 2023-12-04 | 2026-06-17 |
| CVE-2023-33063 KEV | Memory corruption in DSP Services during a remote call from HLOS to DSP. | [email protected] | 7.8 | 0.70% | 2023-12-04 | 2026-06-17 |
| CVE-2023-33018 | Memory corruption while using the UIM diag command to get the operators name. | [email protected] | 7.8 | 0.06% | 2023-12-04 | 2026-06-17 |
| CVE-2023-33017 | Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | [email protected] | 7.8 | 0.16% | 2023-12-04 | 2026-06-17 |
| CVE-2023-33059 | Memory corruption in Audio while processing the VOC packet data from ADSP. | [email protected] | 7.8 | 0.06% | 2023-11-07 | 2026-06-17 |
| CVE-2023-33031 | Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. | [email protected] | 7.8 | 0.06% | 2023-11-07 | 2026-06-17 |
| CVE-2023-28540 | Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | [email protected] | 9.1 | 0.43% | 2023-10-03 | 2026-06-17 |
| CVE-2023-21670 | Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | [email protected] | 7.8 | 0.06% | 2023-06-06 | 2026-06-17 |
| CVE-2022-40521 | Transient DOS due to improper authorization in Modem | [email protected] | 7.5 | 0.35% | 2023-06-06 | 2026-06-17 |
| CVE-2022-40507 | Memory corruption due to double free in Core while mapping HLOS address to the list. | [email protected] | 8.4 | 1.31% | 2023-06-06 | 2026-06-17 |
| CVE-2022-33264 | Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. | [email protected] | 7.9 | 0.09% | 2023-06-06 | 2026-06-17 |
| CVE-2022-22076 | information disclosure due to cryptographic issue in Core during RPMB read request. | [email protected] | 7.1 | 0.05% | 2023-06-06 | 2026-06-17 |
| CVE-2020-3639 | u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS42 | [email protected] | 9.8 | 0.90% | 2020-11-12 | 2026-06-16 |
| CVE-2020-11196 | u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM89 | [email protected] | 9.8 | 0.89% | 2020-11-12 | 2026-06-16 |
| CVE-2020-11193 | u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998 | [email protected] | 9.8 | 0.90% | 2020-11-12 | 2026-06-16 |
| CVE-2020-11132 | u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS429 | [email protected] | 7.1 | 0.18% | 2020-11-12 | 2026-06-16 |
| CVE-2020-11123 | u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`s lock-screen password can be bypassed by performing the standard gatekeeper operations.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8009W, A | [email protected] | 5.5 | 0.19% | 2020-11-12 | 2026-06-16 |
| CVE-2020-3703 | u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is equivalent to Link Layer Length Overfow issue (CVE-2019-16336,CVE-2019-17519) and Silent Length Overflow issue(CVE-2019-17518) mentioned in sweyntooth paper)' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Sn | [email protected] | 9.8 | 0.70% | 2020-11-02 | 2026-06-16 |
| CVE-2020-3696 | u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8 | [email protected] | 7.8 | 0.19% | 2020-11-02 | 2026-06-16 |
| CVE-2020-3684 | u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8098, Bitra, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8998, Nicobar, QCA6390, | [email protected] | 7.8 | 0.22% | 2020-11-02 | 2026-06-16 |