Qualcomm 8 Gen 1 Mobile Platform NAN Management Frame memory corruption

Summaryinfo

A vulnerability, which was classified as critical, has been found in Qualcomm 8 Gen 1 Mobile Platform, 8 Gen 2 Mobile Platform, 8+ Gen 2 Mobile Platform, 865 5G Mobile Platform, 865+ 5G Mobile Platform SM8250-AB, 870 5G Mobile Platform SM8250-AC, AR2 Gen 1 Platform, AR8035, CSR8811, FastConnect 6800, FastConnect 6900, FastConnect 7800, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, Immersive Home 326 Platform, Immersive Home 3210 Platform, IPQ5010, IPQ5028, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9554, IPQ9570, IPQ9574, QAM8255P, QAM8650P, QAM8775P, QCA0000, QCA4024, QCA6391, QCA6426, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9888, QCA9889, QCC710, QCC2073, QCC2076, QCF8000, QCF8001, QCM8550, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6112, QCN6122, QCN6132, QCN6224, QCN6274, QCN9000, QCN9012, QCN9013, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QFW7114 and QFW7124. Impacted is an unknown function of the component NAN Management Frame Handler. Performing a manipulation results in memory corruption. This vulnerability was named CVE-2023-33045. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as very critical, was found in Qualcomm 8 Gen 1 Mobile Platform, 8 Gen 2 Mobile Platform, 8+ Gen 2 Mobile Platform, 865 5G Mobile Platform, 865+ 5G Mobile Platform SM8250-AB, 870 5G Mobile Platform SM8250-AC, AR2 Gen 1 Platform, AR8035, CSR8811, FastConnect 6800, FastConnect 6900, FastConnect 7800, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, Immersive Home 326 Platform, Immersive Home 3210 Platform, IPQ5010, IPQ5028, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9554, IPQ9570, IPQ9574, QAM8255P, QAM8650P, QAM8775P, QCA0000, QCA4024, QCA6391, QCA6426, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9888, QCA9889, QCC710, QCC2073, QCC2076, QCF8000, QCF8001, QCM8550, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6112, QCN6122, QCN6132, QCN6224, QCN6274, QCN9000, QCN9012, QCN9013, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QFW7114 and QFW7124. This affects an unknown functionality of the component NAN Management Frame Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was presented 11/07/2023. It is possible to read the advisory at qualcomm.com. This vulnerability is uniquely identified as CVE-2023-33045 since 05/17/2023. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 11/07/2023).

Upgrading eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• Qualcomm

Name

• 8 Gen 1 Mobile Platform
• 8 Gen 2 Mobile Platform
• 8+ Gen 2 Mobile Platform
• 865 5G Mobile Platform
• 865+ 5G Mobile Platform SM8250-AB
• 870 5G Mobile Platform SM8250-AC
• AR2 Gen 1 Platform
• AR8035
• CSR8811
• FastConnect 6800
• FastConnect 6900
• FastConnect 7800
• Immersive Home 214 Platform
• Immersive Home 216 Platform
• Immersive Home 316 Platform
• Immersive Home 318 Platform
• Immersive Home 326 Platform
• Immersive Home 3210 Platform
• IPQ5010
• IPQ5028
• IPQ5332
• IPQ6000
• IPQ6010
• IPQ6018
• IPQ6028
• IPQ8070A
• IPQ8071A
• IPQ8072A
• IPQ8074A
• IPQ8076
• IPQ8076A
• IPQ8078
• IPQ8078A
• IPQ8173
• IPQ8174
• IPQ9008
• IPQ9554
• IPQ9570
• IPQ9574
• QAM8255P
• QAM8650P
• QAM8775P
• QCA0000
• QCA4024
• QCA6391
• QCA6426
• QCA6436
• QCA6554A
• QCA6564AU
• QCA6574
• QCA6574A
• QCA6574AU
• QCA6584AU
• QCA6595
• QCA6595AU
• QCA6696
• QCA6698AQ
• QCA6797AQ
• QCA8075
• QCA8081
• QCA8082
• QCA8084
• QCA8085
• QCA8337
• QCA8386
• QCA9888
• QCA9889
• QCC710
• QCC2073
• QCC2076
• QCF8000
• QCF8001
• QCM8550
• QCN5022
• QCN5024
• QCN5052
• QCN5122
• QCN5124
• QCN5152
• QCN5154
• QCN5164
• QCN6023
• QCN6024
• QCN6112
• QCN6122
• QCN6132
• QCN6224
• QCN6274
• QCN9000
• QCN9012
• QCN9013
• QCN9022
• QCN9024
• QCN9070
• QCN9072
• QCN9074
• QCN9100
• QCN9274
• QFW7114
• QFW7124
• SC8380XP
• SD 8 Gen1 5G
• SD865 5G
• SDX55
• SDX65M
• SM8550P
• SSG2115P
• SSG2125P
• SXR1230P
• SXR2230P
• WCD9340
• WCD9380
• WCD9385
• WCD9390
• WCD9395
• WCN6740
• WSA8810
• WSA8815
• WSA8830
• WSA8832
• WSA8835
• WSA8840
• WSA8845
• WSA8845H
• X65 5G Modem-RF System
• X75 5G Modem-RF System
• XR2 5G Platform

License

• commercial

Website

• Vendor: https://www.qualcomm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion