Lucene search

[email protected]CVE-2023-43515

HistoryApr 01, 2024 - 3:15 p.m.

CVE-2023-43515

2024-04-0115:15:48

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-43515

memory corruption

hlos

debug_fs

kernel address sanitizers

tmecom

nvd

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Mobile"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "FastConnect 6900"
      },
      {
        "status": "affected",
        "version": "FastConnect 7800"
      },
      {
        "status": "affected",
        "version": "Snapdragon 8 Gen 1 Mobile Platform"
      },
      {
        "status": "affected",
        "version": "WCD9380"
      },
      {
        "status": "affected",
        "version": "WSA8830"
      },
      {
        "status": "affected",
        "version": "WSA8835"
      }
    ]
  }
]

References

docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html