CVE-2020-3703

CRITICAL

Snapdragon Auto - Buffer Overflow

Title source: llm

Description

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is equivalent to Link Layer Length Overfow issue (CVE-2019-16336,CVE-2019-17519) and Silent Length Overflow issue(CVE-2019-17518) mentioned in sweyntooth paper)' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8076, AR9344, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, Nicobar, QCA6174A, QCA9377, QCM2150, QCM6125, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SC8180X, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

References (2)

Core 2

Core References

Broken Link x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Scores

CVSS v3 9.8

EPSS 0.0029

EPSS Percentile 52.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-125 CWE-20

Status published

Products (41)

qualcomm/apq8053_firmware

qualcomm/apq8076_firmware

qualcomm/ar9344_firmware

qualcomm/bitra_firmware

qualcomm/kamorta_firmware

qualcomm/mdm9206_firmware

qualcomm/mdm9207c_firmware

qualcomm/mdm9607_firmware

qualcomm/msm8905_firmware

qualcomm/msm8917_firmware

... and 31 more

Published Nov 02, 2020

Tracked Since Feb 18, 2026