Lucene search

QualcommVULNRICHMENT:CVE-2023-43515

HistoryApr 01, 2024 - 3:05 p.m.

CVE-2023-43515 Buffer copy without checking size of input (Classic buffer overflow) in HLOS

2024-04-0115:05:59

CWE-120

qualcomm

github.com

buffer overflow

memory corruption

hlos

kernel address sanitizers

debug_fs

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

7.1 High

AI Score

Confidence

High

JSON

Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Mobile"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "FastConnect 6900"
      },
      {
        "status": "affected",
        "version": "FastConnect 7800"
      },
      {
        "status": "affected",
        "version": "Snapdragon 8 Gen 1 Mobile Platform"
      },
      {
        "status": "affected",
        "version": "WCD9380"
      },
      {
        "status": "affected",
        "version": "WSA8830"
      },
      {
        "status": "affected",
        "version": "WSA8835"
      }
    ]
  }
]

References

docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html