Lucene search

QualcommCVE-2023-43540

HistoryMar 04, 2024 - 11:15 a.m.

CVE-2023-43540

2024-03-0411:15:12

CWE-120

qualcomm

web.nvd.nist.gov

cve-2023-43540

memory corruption

ioctl

fm hci write

nvd

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Memory corruption while processing the IOCTL FM HCI WRITE request.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Compute"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "AQT1000"
      },
      {
        "status": "affected",
        "version": "FastConnect 6200"
      },
      {
        "status": "affected",
        "version": "FastConnect 6700"
      },
      {
        "status": "affected",
        "version": "FastConnect 6800"
      },
      {
        "status": "affected",
        "version": "FastConnect 6900"
      },
      {
        "status": "affected",
        "version": "FastConnect 7800"
      },
      {
        "status": "affected",
        "version": "QCA6391"
      },
      {
        "status": "affected",
        "version": "QCA6420"
      },
      {
        "status": "affected",
        "version": "QCA6430"
      },
      {
        "status": "affected",
        "version": "SC8380XP"
      },
      {
        "status": "affected",
        "version": "SM6250"
      },
      {
        "status": "affected",
        "version": "Snapdragon 7c Compute Platform (SC7180-AC)"
      },
      {
        "status": "affected",
        "version": "Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) \"Rennell Pro\""
      },
      {
        "status": "affected",
        "version": "Snapdragon 7c+ Gen 3 Compute"
      },
      {
        "status": "affected",
        "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
      },
      {
        "status": "affected",
        "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
      },
      {
        "status": "affected",
        "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
      },
      {
        "status": "affected",
        "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
      },
      {
        "status": "affected",
        "version": "WCD9340"
      },
      {
        "status": "affected",
        "version": "WCD9341"
      },
      {
        "status": "affected",
        "version": "WCD9380"
      },
      {
        "status": "affected",
        "version": "WCD9385"
      },
      {
        "status": "affected",
        "version": "WSA8810"
      },
      {
        "status": "affected",
        "version": "WSA8815"
      },
      {
        "status": "affected",
        "version": "WSA8830"
      },
      {
        "status": "affected",
        "version": "WSA8835"
      },
      {
        "status": "affected",
        "version": "WSA8840"
      },
      {
        "status": "affected",
        "version": "WSA8845"
      },
      {
        "status": "affected",
        "version": "WSA8845H"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Related for CVE-2023-43540