Qualcomm 4 Gen 1 Mobile Platform Multi-Mode Call Processor heap-based overflow
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.3 | $0-$5k | 0.04 |
A vulnerability was found in Qualcomm 4 Gen 1 Mobile Platform, 4 Gen 2 Mobile Platform, 7c+ Gen 3 Compute, 8 Gen 1 Mobile Platform, 8 Gen 2 Mobile Platform, 8 Gen 3 Mobile Platform, 8+ Gen 1 Mobile Platform, 8+ Gen 2 Mobile Platform, 315 5G IoT Modem, 480 5G Mobile Platform, 480+ 5G Mobile Platform SM4350-AC, 690 5G Mobile Platform, 695 5G Mobile Platform, 750G 5G Mobile Platform, 765 5G Mobile Platform SM7250-AA, 765G 5G Mobile Platform SM7250-AB, 768G 5G Mobile Platform SM7250-AC, 778G+ 5G Mobile Platform SM7325-AE, 778G 5G Mobile Platform, 780G 5G Mobile Platform, 782G Mobile Platform SM7325-AF, 855 Mobile Platform, 855+, 860 Mobile Platform SM8150-AC, 865 5G Mobile Platform, 865+ 5G Mobile Platform SM8250-AB, 870 5G Mobile Platform SM8250-AC, 888 5G Mobile Platform, 888+ 5G Mobile Platform SM8350-AC, AR8035, Auto 5G Modem-RF, Auto 5G Modem-RF Gen 2, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, QCA6174A, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6574A, QCA6584AU, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCC710, QCM4490, QCM6490, QCM8550, QCN6024, QCN6224, QCN6274, QCN9024, QCS4490, QCS6490, QCS8550, QEP8111, QFW7114, QFW7124, Qualcomm Video Collaboration VC3 Platform, SD855, SD865 5G, SD888, SDX55, SDX57M, SG8275P, SM7250P, SM7315, SM7325P, SM8550P, SXR2130, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCD9390, WCD9395, WCN3950, WCN3988, WCN6740, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X35 5G Modem-RF System, X55 5G Modem-RF System, X65 5G Modem-RF System and X70 Modem-RF System (Groupware Software). It has been rated as critical. Affected by this issue is an unknown part of the component Multi-Mode Call Processor. The manipulation with an unknown input leads to a heap-based overflow vulnerability. Using CWE to declare the problem leads to CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Impacted is availability.
The weakness was disclosed 02/06/2024. The advisory is available at qualcomm.com. This vulnerability is handled as CVE-2023-33049 since 05/17/2023. The technical details are unknown and an exploit is not available.
Upgrading eliminates this vulnerability.
Product
Type
Vendor
Name
- 4 Gen 1 Mobile Platform
- 4 Gen 2 Mobile Platform
- 7c+ Gen 3 Compute
- 8 Gen 1 Mobile Platform
- 8 Gen 2 Mobile Platform
- 8 Gen 3 Mobile Platform
- 8+ Gen 1 Mobile Platform
- 8+ Gen 2 Mobile Platform
- 315 5G IoT Modem
- 480 5G Mobile Platform
- 480+ 5G Mobile Platform SM4350-AC
- 690 5G Mobile Platform
- 695 5G Mobile Platform
- 750G 5G Mobile Platform
- 765 5G Mobile Platform SM7250-AA
- 765G 5G Mobile Platform SM7250-AB
- 768G 5G Mobile Platform SM7250-AC
- 778G+ 5G Mobile Platform SM7325-AE
- 778G 5G Mobile Platform
- 780G 5G Mobile Platform
- 782G Mobile Platform SM7325-AF
- 855 Mobile Platform
- 855+
- 860 Mobile Platform SM8150-AC
- 865 5G Mobile Platform
- 865+ 5G Mobile Platform SM8250-AB
- 870 5G Mobile Platform SM8250-AC
- 888 5G Mobile Platform
- 888+ 5G Mobile Platform SM8350-AC
- AR8035
- Auto 5G Modem-RF
- Auto 5G Modem-RF Gen 2
- FastConnect 6200
- FastConnect 6700
- FastConnect 6800
- FastConnect 6900
- FastConnect 7800
- QCA6174A
- QCA6391
- QCA6421
- QCA6426
- QCA6431
- QCA6436
- QCA6574A
- QCA6584AU
- QCA6595AU
- QCA6696
- QCA6698AQ
- QCA8081
- QCA8337
- QCC710
- QCM4490
- QCM6490
- QCM8550
- QCN6024
- QCN6224
- QCN6274
- QCN9024
- QCS4490
- QCS6490
- QCS8550
- QEP8111
- QFW7114
- QFW7124
- Qualcomm Video Collaboration VC3 Platform
- SD855
- SD865 5G
- SD888
- SDX55
- SDX57M
- SG8275P
- SM7250P
- SM7315
- SM7325P
- SM8550P
- SXR2130
- WCD9340
- WCD9341
- WCD9360
- WCD9370
- WCD9375
- WCD9380
- WCD9385
- WCD9390
- WCD9395
- WCN3950
- WCN3988
- WCN6740
- WSA8810
- WSA8815
- WSA8830
- WSA8832
- WSA8835
- WSA8840
- WSA8845
- WSA8845H
- X35 5G Modem-RF System
- X55 5G Modem-RF System
- X65 5G Modem-RF System
- X70 Modem-RF System
- X75 5G Modem-RF System
- XR2 5G Platform
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔒VulDB CVSS-BT Score: 🔒
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 7.5
CNA Vector (Qualcomm, Inc.): 🔒
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Heap-based overflowCWE: CWE-122 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Timeline
05/17/2023 CVE reserved02/06/2024 Advisory disclosed
02/06/2024 VulDB entry created
02/06/2024 VulDB entry last update
Sources
Vendor: qualcomm.comAdvisory: qualcomm.com
Status: Confirmed
CVE: CVE-2023-33049 (🔒)
Entry
Created: 02/06/2024 08:35Changes: 02/06/2024 08:35 (48)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.