CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
8.2 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, has been found in Qualcomm 7c Compute Platform SC7180-AC, 7c Gen 2 Compute Platform SC7180-AD Rennell Pro, 8c Compute Platform SC8180X-AD Poipu Lite, 8c Compute Platform SC8180XP-AD Poipu Lite, 8cx Compute Platform SC8180X-AA, 8cx Compute Platform SC8180XP-AC, 8cx Gen 2 5G Compute Platform SC8180X-AC, 8cx Gen 2 5G Compute Platform SC8180XP-AA, 665 Mobile Platform, 675 Mobile Platform, 678 Mobile Platform SM6150-AC, 720G Mobile Platform, 730 Mobile Platform SM7150-AA, 730G Mobile Platform SM7150-AB, 732G Mobile Platform SM7150-AC, 855 Mobile Platform, 855+, 860 Mobile Platform SM8150-AC, 9205 LTE Modem, AB, AF Poipu Pro, AQT1000, AR8031, Auto 4G Modem, Auto 5G Modem-RF, C-V2X 9150, CSR8811, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6800, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ9008, IPQ9574, QCA4004, QCA4024, QCA6174A, QCA6391, QCA6420, QCA6430, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8386, QCA9377, QCM6125, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9274, QCS410, QCS610, QCS6125, QCS8155, QTS110, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 675, SD675, SD730 and SD855. This issue affects an unknown function of the component TZ Secure OS. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability.
The weakness was presented 01/02/2024. The advisory is shared at qualcomm.com. The identification of this vulnerability is CVE-2023-33032 since 05/17/2023. Neither technical details nor an exploit are publicly available.
Upgrading eliminates this vulnerability.
Product
Vendor
Name
- 7c Compute Platform SC7180-AC
- 7c Gen 2 Compute Platform SC7180-AD Rennell Pro
- 8c Compute Platform SC8180X-AD Poipu Lite
- 8c Compute Platform SC8180XP-AD Poipu Lite
- 8cx Compute Platform SC8180X-AA
- 8cx Compute Platform SC8180XP-AC
- 8cx Gen 2 5G Compute Platform SC8180X-AC
- 8cx Gen 2 5G Compute Platform SC8180XP-AA
- 665 Mobile Platform
- 675 Mobile Platform
- 678 Mobile Platform SM6150-AC
- 720G Mobile Platform
- 730 Mobile Platform SM7150-AA
- 730G Mobile Platform SM7150-AB
- 732G Mobile Platform SM7150-AC
- 855 Mobile Platform
- 855+
- 860 Mobile Platform SM8150-AC
- 9205 LTE Modem
- AB
- AF Poipu Pro
- AQT1000
- AR8031
- Auto 4G Modem
- Auto 5G Modem-RF
- C-V2X 9150
- CSR8811
- CSRA6620
- CSRA6640
- CSRB31024
- FastConnect 6200
- FastConnect 6800
- FSM10056
- IPQ6000
- IPQ6005
- IPQ6010
- IPQ6018
- IPQ6028
- IPQ9008
- IPQ9574
- QCA4004
- QCA4024
- QCA6174A
- QCA6391
- QCA6420
- QCA6430
- QCA6564
- QCA6564A
- QCA6564AU
- QCA6574
- QCA6574A
- QCA6574AU
- QCA6595
- QCA6595AU
- QCA6696
- QCA8072
- QCA8075
- QCA8081
- QCA8082
- QCA8084
- QCA8085
- QCA8386
- QCA9377
- QCM6125
- QCN5021
- QCN5022
- QCN5052
- QCN5121
- QCN5122
- QCN5152
- QCN6023
- QCN6024
- QCN9000
- QCN9022
- QCN9024
- QCN9070
- QCN9072
- QCN9074
- QCN9274
- QCS410
- QCS610
- QCS6125
- QCS8155
- QTS110
- SA4150P
- SA4155P
- SA6145P
- SA6150P
- SA6155
- SA6155P
- SA8145P
- SA8150P
- SA8155
- SA8155P
- SA8195P
- SC8180X+SDX55
- SD 675
- SD675
- SD730
- SD855
- SDX55
- SM6250
- SM6250P
- Smart Audio 400 Platform
- WCD9306
- WCD9335
- WCD9340
- WCD9341
- WCD9370
- WCD9371
- WCD9375
- WCD9380
- WCN3950
- WCN3980
- WCN3988
- WCN3990
- WCN3999
- Wear 1300 Platform
- WSA8810
- WSA8815
- X24 LTE Modem
- X50 5G Modem-RF System
- X55 5G Modem-RF System
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔒VulDB CVSS-BT Score: 🔒
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.3VulDB Meta Temp Score: 8.2
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔒
CNA Base Score: 9.3
CNA Vector (Qualcomm, Inc.): 🔒
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Timeline
05/17/2023 CVE reserved01/02/2024 Advisory disclosed
01/02/2024 VulDB entry created
01/22/2024 VulDB entry last update
Sources
Vendor: qualcomm.comAdvisory: qualcomm.com
Status: Confirmed
CVE: CVE-2023-33032 (🔒)
Entry
Created: 01/02/2024 10:36Updated: 01/22/2024 15:11
Changes: 01/02/2024 10:36 (47), 01/22/2024 15:11 (11)
Complete: 🔍
Cache ID: 18:A4A:103
No comments yet. Languages: en.
Please log in to comment.