Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are...

CVE-2023-28540

Cryptographic issue in Data Modem due to improper authentication during TLS handshake...

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP message...

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security Exchange...

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value...

CVE-2023-24847

Transient DOS in Modem while allocating DSM items...

CVE-2023-24843

Transient DOS in Modem while triggering a camping on an 5G cell...

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE call...

Information disclosure

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value...

Information disclosure

Information Disclosure in data Modem while parsing an FMTP line in an SDP message...

Code injection

Transient DOS in Modem while triggering a camping on an 5G cell...

Authentication flaw

Cryptographic issue in Data Modem due to improper authentication during TLS handshake...

Memory corruption

Memory corruption in Modem while processing security related configuration before AS Security Exchange...

Information disclosure

Transient DOS in Modem while allocating DSM items...

Memory corruption

Memory Corruption in Data Modem while making a MO call or MT VOLTE call...

CVE-2023-28540 Improper Authentication in Data Modem

Cryptographic issue in Data Modem due to improper authentication during TLS handshake...

CVE-2023-28540 Improper Authentication in Data Modem

Cryptographic issue in Data Modem due to improper authentication during TLS handshake...

CVE-2023-28540

CVE-2023-28540 affects Qualcomm Data Modem; root cause is cryptographic issue due to improper authentication during TLS handshake. Public docs (NVD/Red Hat/PRION) describe a cryptographic/authentication flaw with high impact (I=High, C=High) on data confidentiality/integrity. The Qualcomm securit...

CVE-2023-24855

CVE-2023-24855 is a memory-corruption in Qualcomm’s modem when processing security-related configuration before the AS Security Exchange. Root cause described as an out-of-bounds pointer offset that can lead to remote code execution. Public sources (Qualcomm bulletin, Red Hat/PRION notes) describ...

CVE-2023-24855 Use of Out-of-range Pointer Offset in Modem

Memory corruption in Modem while processing security related configuration before AS Security Exchange...