Action not permitted
Modal body text goes here.
wid-sec-w-2023-1984
Vulnerability from csaf_certbund
Published
2023-08-07 22:00
Modified
2023-09-19 22:00
Summary
Google Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erhöhen, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1984 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1984.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1984 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1984"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6383-1 vom 2023-09-19",
"url": "https://ubuntu.com/security/notices/USN-6383-1"
},
{
"category": "external",
"summary": "Pixel Patchday August 2023 vom 2023-08-07",
"url": "https://source.android.com/docs/security/bulletin/pixel/2023-08-01"
},
{
"category": "external",
"summary": "Android Patchday August 2023 vom 2023-08-07",
"url": "https://source.android.com/docs/security/bulletin/2023-08-01"
}
],
"source_lang": "en-US",
"title": "Google Android: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-09-19T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:39:32.414+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-1984",
"initial_release_date": "2023-08-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-09-19T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Google Android 11",
"product": {
"name": "Google Android 11",
"product_id": "T019739",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:11"
}
}
},
{
"category": "product_name",
"name": "Google Android 12",
"product": {
"name": "Google Android 12",
"product_id": "T020881",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:12"
}
}
},
{
"category": "product_name",
"name": "Google Android 13",
"product": {
"name": "Google Android 13",
"product_id": "T024488",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:13"
}
}
},
{
"category": "product_name",
"name": "Google Android 12L",
"product": {
"name": "Google Android 12L",
"product_id": "T029115",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:12l"
}
}
}
],
"category": "product_name",
"name": "Android"
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28555",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-28555"
},
{
"cve": "CVE-2023-28537",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-28537"
},
{
"cve": "CVE-2023-22666",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-22666"
},
{
"cve": "CVE-2023-21650",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21650"
},
{
"cve": "CVE-2023-21649",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21649"
},
{
"cve": "CVE-2023-21648",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21648"
},
{
"cve": "CVE-2023-21647",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21647"
},
{
"cve": "CVE-2023-21627",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21627"
},
{
"cve": "CVE-2023-21626",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21626"
},
{
"cve": "CVE-2023-21292",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21292"
},
{
"cve": "CVE-2023-21290",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21290"
},
{
"cve": "CVE-2023-21289",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21289"
},
{
"cve": "CVE-2023-21288",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21288"
},
{
"cve": "CVE-2023-21287",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21287"
},
{
"cve": "CVE-2023-21286",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21286"
},
{
"cve": "CVE-2023-21285",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21285"
},
{
"cve": "CVE-2023-21284",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21284"
},
{
"cve": "CVE-2023-21283",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21283"
},
{
"cve": "CVE-2023-21282",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21282"
},
{
"cve": "CVE-2023-21281",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21281"
},
{
"cve": "CVE-2023-21280",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21280"
},
{
"cve": "CVE-2023-21279",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21279"
},
{
"cve": "CVE-2023-21278",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21278"
},
{
"cve": "CVE-2023-21277",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21277"
},
{
"cve": "CVE-2023-21276",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21276"
},
{
"cve": "CVE-2023-21275",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21275"
},
{
"cve": "CVE-2023-21274",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21274"
},
{
"cve": "CVE-2023-21273",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21273"
},
{
"cve": "CVE-2023-21272",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21272"
},
{
"cve": "CVE-2023-21271",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21271"
},
{
"cve": "CVE-2023-21270",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21270"
},
{
"cve": "CVE-2023-21269",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21269"
},
{
"cve": "CVE-2023-21268",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21268"
},
{
"cve": "CVE-2023-21267",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21267"
},
{
"cve": "CVE-2023-21265",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21265"
},
{
"cve": "CVE-2023-21264",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21264"
},
{
"cve": "CVE-2023-21242",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21242"
},
{
"cve": "CVE-2023-21175",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21175"
},
{
"cve": "CVE-2023-21142",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21142"
},
{
"cve": "CVE-2023-21140",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21140"
},
{
"cve": "CVE-2023-21134",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21134"
},
{
"cve": "CVE-2023-21133",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21133"
},
{
"cve": "CVE-2023-21132",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-21132"
},
{
"cve": "CVE-2023-20965",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-20965"
},
{
"cve": "CVE-2023-20780",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2023-20780"
},
{
"cve": "CVE-2022-40510",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2022-40510"
},
{
"cve": "CVE-2022-34830",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2022-34830"
},
{
"cve": "CVE-2020-29374",
"notes": [
{
"category": "description",
"text": "In Google Android existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"Android Runtime\", \"Framework\", \"Media Framework\", \"System\", \"Google Play system updates\", \"Kernel\", \"ARM components\", \"MediaTek components\", \"Qualcomm closed-source components\" sowie \"Qualcomm components\". Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T000126",
"T019739",
"T024488",
"T020881",
"T029115"
]
},
"release_date": "2023-08-07T22:00:00Z",
"title": "CVE-2020-29374"
}
]
}
cve-2023-21647
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Improper Input Validation in Bluetooth HOST
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T20:26:56.536501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T20:27:03.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCC5100"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WCN7850"
},
{
"status": "affected",
"version": "WCN7851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure in Bluetooth when an GATT packet is received due to improper input validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:23:37.083Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Improper Input Validation in Bluetooth HOST"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-21647",
"datePublished": "2023-08-08T09:14:53.821Z",
"dateReserved": "2022-12-07T02:58:25.867Z",
"dateUpdated": "2024-08-02T09:44:02.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21268
Vulnerability from cvelistv5
Published
2023-08-14 20:59
Modified
2024-10-09 18:58
Severity ?
EPSS score ?
Summary
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T18:58:37.001439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T18:58:49.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:59:52.485Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21268",
"datePublished": "2023-08-14T20:59:52.485Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-10-09T18:58:49.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21285
Vulnerability from cvelistv5
Published
2023-08-14 21:06
Modified
2024-10-09 14:43
Severity ?
EPSS score ?
Summary
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/0c3b7ec3377e7fb645ec366be3be96bb1a252ca1"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:42:59.984428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:43:10.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn setMetadata of MediaSessionRecord.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In setMetadata of MediaSessionRecord.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:06:23.871Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/0c3b7ec3377e7fb645ec366be3be96bb1a252ca1"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21285",
"datePublished": "2023-08-14T21:06:23.871Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:43:10.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21649
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8096au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aqt1000_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9628_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9650_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6390_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6391_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6420_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6421_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6426_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6430_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6431_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6436_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6554a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6554a_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6564a_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6564au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574a_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6584au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6595_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6595au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6696_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca8337_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcc5100_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcc5100_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcn9074_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs410_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs610_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6145p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6150p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6155p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8145p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8150p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8155p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8195p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd480_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd695_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd695_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd855_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd865_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd870_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sda429w_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx55_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx55m_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdxr2_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sm4375_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sm4375_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sw5100_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sw5100p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9341_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9370_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9375_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9380_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9385_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3610_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3660b_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3680b_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3950_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3980_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3988_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3991_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3998_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6850_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6851_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8810_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8815_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8830_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8835_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T20:26:37.735073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T20:26:46.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8096AU"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "MDM9650"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6554A"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC5100"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SD480"
},
{
"status": "affected",
"version": "SD695"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SM4375"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3991"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption in WLAN while running doDriverCmd for an unspecific command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy Without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:23:43.941Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-21649",
"datePublished": "2023-08-08T09:14:55.873Z",
"dateReserved": "2022-12-07T02:58:25.867Z",
"dateUpdated": "2024-08-02T09:44:02.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21626
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-10-24 18:59
Severity ?
EPSS score ?
Summary
Improper Authentication in HLOS.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:qualcomm:snapdragon:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "APQ8009"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "APQ8037"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "FSM10056"
},
{
"status": "affected",
"version": "MDM8207"
},
{
"status": "affected",
"version": "MDM9205"
},
{
"status": "affected",
"version": "MDM9206"
},
{
"status": "affected",
"version": "MDM9207"
},
{
"status": "affected",
"version": "MDM9607"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "MSM8108"
},
{
"status": "affected",
"version": "MSM8208"
},
{
"status": "affected",
"version": "MSM8209"
},
{
"status": "affected",
"version": "MSM8608"
},
{
"status": "affected",
"version": "MSM8917"
},
{
"status": "affected",
"version": "MSM8920"
},
{
"status": "affected",
"version": "MSM8937"
},
{
"status": "affected",
"version": "MSM8940"
},
{
"status": "affected",
"version": "PM8937"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA4004"
},
{
"status": "affected",
"version": "QCA4020"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9367"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCA9379"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN7606"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS405"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS603"
},
{
"status": "affected",
"version": "QCS605"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8155"
},
{
"status": "affected",
"version": "QCX315"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm215"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA415M"
},
{
"status": "affected",
"version": "SA515M"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8180X+SDX55"
},
{
"status": "affected",
"version": "SD 455"
},
{
"status": "affected",
"version": "SD 636"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD 8cx Gen2"
},
{
"status": "affected",
"version": "SD 8cx Gen3"
},
{
"status": "affected",
"version": "SD205"
},
{
"status": "affected",
"version": "SD210"
},
{
"status": "affected",
"version": "SD429"
},
{
"status": "affected",
"version": "SD439"
},
{
"status": "affected",
"version": "SD450"
},
{
"status": "affected",
"version": "SD460"
},
{
"status": "affected",
"version": "SD480"
},
{
"status": "affected",
"version": "SD625"
},
{
"status": "affected",
"version": "SD626"
},
{
"status": "affected",
"version": "SD632"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD665"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD678"
},
{
"status": "affected",
"version": "SD680"
},
{
"status": "affected",
"version": "SD690 5G"
},
{
"status": "affected",
"version": "SD695"
},
{
"status": "affected",
"version": "SD710"
},
{
"status": "affected",
"version": "SD720G"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD750G"
},
{
"status": "affected",
"version": "SD765"
},
{
"status": "affected",
"version": "SD765G"
},
{
"status": "affected",
"version": "SD768G"
},
{
"status": "affected",
"version": "SD778G"
},
{
"status": "affected",
"version": "SD780G"
},
{
"status": "affected",
"version": "SD7c"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD845"
},
{
"status": "affected",
"version": "SD850"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SD888 5G"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDM630"
},
{
"status": "affected",
"version": "SDX24"
},
{
"status": "affected",
"version": "SDX50M"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDX65"
},
{
"status": "affected",
"version": "SDXR1"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM4375"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6250P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SXR2150P"
},
{
"status": "affected",
"version": "WCD9306"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9371"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN3991"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6750"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:51:18.709645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:59:08.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon IoT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "APQ8037"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "FSM10056"
},
{
"status": "affected",
"version": "MDM8207"
},
{
"status": "affected",
"version": "MDM9205"
},
{
"status": "affected",
"version": "MDM9206"
},
{
"status": "affected",
"version": "MDM9207"
},
{
"status": "affected",
"version": "MDM9607"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "MSM8108"
},
{
"status": "affected",
"version": "MSM8208"
},
{
"status": "affected",
"version": "MSM8209"
},
{
"status": "affected",
"version": "MSM8608"
},
{
"status": "affected",
"version": "MSM8917"
},
{
"status": "affected",
"version": "MSM8920"
},
{
"status": "affected",
"version": "MSM8937"
},
{
"status": "affected",
"version": "MSM8940"
},
{
"status": "affected",
"version": "PM8937"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA4004"
},
{
"status": "affected",
"version": "QCA4020"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9367"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCA9379"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN7606"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS405"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS603"
},
{
"status": "affected",
"version": "QCS605"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8155"
},
{
"status": "affected",
"version": "QCX315"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm215"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA415M"
},
{
"status": "affected",
"version": "SA515M"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8180X+SDX55"
},
{
"status": "affected",
"version": "SD 455"
},
{
"status": "affected",
"version": "SD 636"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD 8cx Gen2"
},
{
"status": "affected",
"version": "SD 8cx Gen3"
},
{
"status": "affected",
"version": "SD205"
},
{
"status": "affected",
"version": "SD210"
},
{
"status": "affected",
"version": "SD429"
},
{
"status": "affected",
"version": "SD439"
},
{
"status": "affected",
"version": "SD450"
},
{
"status": "affected",
"version": "SD460"
},
{
"status": "affected",
"version": "SD480"
},
{
"status": "affected",
"version": "SD625"
},
{
"status": "affected",
"version": "SD626"
},
{
"status": "affected",
"version": "SD632"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD665"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD678"
},
{
"status": "affected",
"version": "SD680"
},
{
"status": "affected",
"version": "SD690 5G"
},
{
"status": "affected",
"version": "SD695"
},
{
"status": "affected",
"version": "SD710"
},
{
"status": "affected",
"version": "SD720G"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD750G"
},
{
"status": "affected",
"version": "SD765"
},
{
"status": "affected",
"version": "SD765G"
},
{
"status": "affected",
"version": "SD768G"
},
{
"status": "affected",
"version": "SD778G"
},
{
"status": "affected",
"version": "SD780G"
},
{
"status": "affected",
"version": "SD7c"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD845"
},
{
"status": "affected",
"version": "SD850"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SD888 5G"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDM630"
},
{
"status": "affected",
"version": "SDX24"
},
{
"status": "affected",
"version": "SDX50M"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDX65"
},
{
"status": "affected",
"version": "SDXR1"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM4375"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6250P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SXR2150P"
},
{
"status": "affected",
"version": "WCD9306"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9371"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN3991"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6750"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "CWE-320 Key Management Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:23:26.915Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Improper Authentication in HLOS."
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-21626",
"datePublished": "2023-08-08T09:14:50.487Z",
"dateReserved": "2022-12-07T02:58:25.864Z",
"dateUpdated": "2024-10-24T18:59:08.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20780
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:41
Severity ?
EPSS score ?
Summary
In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:41:07.970344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:41:18.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:00.627Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20780",
"datePublished": "2023-08-07T03:21:00.627Z",
"dateReserved": "2022-10-28T02:03:10.776Z",
"dateUpdated": "2024-10-17T14:41:18.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21282
Vulnerability from cvelistv5
Published
2023-08-14 21:05
Modified
2024-10-09 14:48
Severity ?
EPSS score ?
Summary
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/aac/+/4242f97d149b0bf0cd96f00cd1e9d30d5922cd46"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:46:56.392359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:48:02.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/p\u003e"
}
],
"value": "In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:05:23.902Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/external/aac/+/4242f97d149b0bf0cd96f00cd1e9d30d5922cd46"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21282",
"datePublished": "2023-08-14T21:05:23.902Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:48:02.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21133
Vulnerability from cvelistv5
Published
2023-08-14 20:57
Modified
2024-10-09 19:12
Severity ?
EPSS score ?
Summary
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:25.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:01:53.537559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:12:21.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that\u0027s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that\u0027s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:57:57.389Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21133",
"datePublished": "2023-08-14T20:57:57.389Z",
"dateReserved": "2022-11-03T22:37:50.639Z",
"dateUpdated": "2024-10-09T19:12:21.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21289
Vulnerability from cvelistv5
Published
2023-08-14 21:07
Modified
2024-10-09 14:35
Severity ?
EPSS score ?
Summary
In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/7a5e51c918b7097be3c7e669e1825a4d159c4185"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:34:55.751576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:35:14.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:07:27.693Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/7a5e51c918b7097be3c7e669e1825a4d159c4185"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21289",
"datePublished": "2023-08-14T21:07:27.693Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-10-09T14:35:14.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21279
Vulnerability from cvelistv5
Published
2023-08-14 21:04
Modified
2024-10-09 14:54
Severity ?
EPSS score ?
Summary
In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/155b14600fb13553a47b4e45fe0acd163da07453"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:52:13.133704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:54:26.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:04:31.594Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/155b14600fb13553a47b4e45fe0acd163da07453"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21279",
"datePublished": "2023-08-14T21:04:31.594Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:54:26.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21288
Vulnerability from cvelistv5
Published
2023-08-14 21:07
Modified
2024-10-09 14:36
Severity ?
EPSS score ?
Summary
In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/726247f4f53e8cc0746175265652fa415a123c0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:36:03.478195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:36:22.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:07:10.453Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/726247f4f53e8cc0746175265652fa415a123c0c"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21288",
"datePublished": "2023-08-14T21:07:10.453Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-10-09T14:36:22.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21281
Vulnerability from cvelistv5
Published
2023-08-14 21:05
Modified
2024-10-09 14:49
Severity ?
EPSS score ?
Summary
In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/badb243574d7fca9aa89152d9d25eeb4f8615385"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:48:47.046036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:49:58.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:05:06.431Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/badb243574d7fca9aa89152d9d25eeb4f8615385"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21281",
"datePublished": "2023-08-14T21:05:06.431Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:49:58.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21271
Vulnerability from cvelistv5
Published
2023-08-14 21:00
Modified
2024-10-09 15:20
Severity ?
EPSS score ?
Summary
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/e44e1064ccec2aa09fc66bd750d66919129ae6b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:16:19.831198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:20:34.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:00:47.078Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/e44e1064ccec2aa09fc66bd750d66919129ae6b4"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21271",
"datePublished": "2023-08-14T21:00:47.078Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-10-09T15:20:34.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28555
Vulnerability from cvelistv5
Published
2023-08-08 09:15
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
Buffer Over-read in Audio
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar8035_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_6200_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_6700_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_6900_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_7800_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9628_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qam8295p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6564a_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6564au_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574a_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574au_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6595au_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6696_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca8081_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca8337_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcm4325_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcm4325_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcm4490_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcn6024_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcn9024_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs4490_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa4150p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa4155p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6145p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6150p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6155p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8145p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8150p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8155p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8195p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8295p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd_8_gen1_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd865_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx55_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sg4150p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sg4150p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sm4450_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sm4450_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_4_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_4_gen_1_mobile_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_480_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_480_5g_mobile_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_680_4g_mobile_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_695_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_695_5g_mobile_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_8_gen_1_mobile_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_888_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_888_5g_mobile_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_ar2_gen_1_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_auto_5g_modem-rf_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_x65_5g_modem-rf_system_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_xr2_5g_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ssg2115p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ssg2125p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sw5100_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sw5100p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr1230p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr2230p_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9370_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9375_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9380_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9385_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3950_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3980_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3988_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6740_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8810_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8815_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8830_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8832_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8835_firmware",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T19:51:26.152816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:48.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCM4325"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SG4150P"
},
{
"status": "affected",
"version": "SM4450"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 680 4G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
},
{
"status": "affected",
"version": "Snapdragon 695 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Transient DOS in Audio while remapping channel buffer in media codec decoding."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:24:05.360Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Buffer Over-read in Audio"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-28555",
"datePublished": "2023-08-08T09:15:02.599Z",
"dateReserved": "2023-03-17T11:41:45.847Z",
"dateUpdated": "2024-08-02T13:43:22.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21242
Vulnerability from cvelistv5
Published
2023-08-14 20:58
Modified
2024-10-09 14:26
Severity ?
EPSS score ?
Summary
In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/72e903f258b5040b8f492cf18edd124b5a1ac770"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:26:00.372212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:26:12.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:58:52.284Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/72e903f258b5040b8f492cf18edd124b5a1ac770"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21242",
"datePublished": "2023-08-14T20:58:52.284Z",
"dateReserved": "2022-11-03T22:37:50.652Z",
"dateUpdated": "2024-10-09T14:26:12.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21273
Vulnerability from cvelistv5
Published
2023-08-14 21:01
Modified
2024-10-09 15:07
Severity ?
EPSS score ?
Summary
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1e27ef69755a0735278a1c6af130c71a92b94e3f"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:03:37.269306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:07:41.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:01:24.805Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1e27ef69755a0735278a1c6af130c71a92b94e3f"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21273",
"datePublished": "2023-08-14T21:01:24.805Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T15:07:41.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21277
Vulnerability from cvelistv5
Published
2023-08-14 21:03
Modified
2024-10-09 14:56
Severity ?
EPSS score ?
Summary
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/9b58aee2a4528c60b0aa2540bd0f48d2871d2dc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:56:24.581895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:56:42.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:03:04.607Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/9b58aee2a4528c60b0aa2540bd0f48d2871d2dc7"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21277",
"datePublished": "2023-08-14T21:03:04.607Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:56:42.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22666
Vulnerability from cvelistv5
Published
2023-08-08 09:15
Modified
2024-08-02 10:13
Severity ?
EPSS score ?
Summary
Integer Overflow or Wraparound in Audio
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "APQ8096AU"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "MSM8108"
},
{
"status": "affected",
"version": "MSM8208"
},
{
"status": "affected",
"version": "MSM8209"
},
{
"status": "affected",
"version": "MSM8608"
},
{
"status": "affected",
"version": "MSM8917"
},
{
"status": "affected",
"version": "MSM8996AU"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA4020"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCA9379"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS405"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS605"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCX315"
},
{
"status": "affected",
"version": "QRB5165"
},
{
"status": "affected",
"version": "QRB5165M"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "QSM8250"
},
{
"status": "affected",
"version": "Qualcomm215"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA415M"
},
{
"status": "affected",
"version": "SA515M"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SD 636"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD205"
},
{
"status": "affected",
"version": "SD210"
},
{
"status": "affected",
"version": "SD429"
},
{
"status": "affected",
"version": "SD439"
},
{
"status": "affected",
"version": "SD450"
},
{
"status": "affected",
"version": "SD460"
},
{
"status": "affected",
"version": "SD480"
},
{
"status": "affected",
"version": "SD625"
},
{
"status": "affected",
"version": "SD626"
},
{
"status": "affected",
"version": "SD632"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD665"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD678"
},
{
"status": "affected",
"version": "SD680"
},
{
"status": "affected",
"version": "SD690 5G"
},
{
"status": "affected",
"version": "SD695"
},
{
"status": "affected",
"version": "SD710"
},
{
"status": "affected",
"version": "SD720G"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD750G"
},
{
"status": "affected",
"version": "SD765"
},
{
"status": "affected",
"version": "SD765G"
},
{
"status": "affected",
"version": "SD768G"
},
{
"status": "affected",
"version": "SD778G"
},
{
"status": "affected",
"version": "SD780G"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD845"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SD888 5G"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDM630"
},
{
"status": "affected",
"version": "SDX12"
},
{
"status": "affected",
"version": "SDX24"
},
{
"status": "affected",
"version": "SDX50M"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDX65"
},
{
"status": "affected",
"version": "SDXR1"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6250P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1"
},
{
"status": "affected",
"version": "SXR2150P"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9371"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN3991"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN3999"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6750"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption in Audio while playing amrwbplus clips with modified content."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:23:58.042Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Integer Overflow or Wraparound in Audio"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-22666",
"datePublished": "2023-08-08T09:15:00.281Z",
"dateReserved": "2023-01-06T05:06:07.906Z",
"dateUpdated": "2024-08-02T10:13:49.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29374
Vulnerability from cvelistv5
Published
2020-11-28 06:18
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210115-0002/ | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2022/dsa-5096 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T02:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210115-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210115-0002/"
},
{
"name": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
},
{
"name": "DSA-5096",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29374",
"datePublished": "2020-11-28T06:18:56",
"dateReserved": "2020-11-28T00:00:00",
"dateUpdated": "2024-08-04T16:48:01.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21132
Vulnerability from cvelistv5
Published
2023-08-14 20:57
Modified
2024-10-09 19:13
Severity ?
EPSS score ?
Summary
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:01:54.508616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:13:01.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that\u0027s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that\u0027s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:57:31.732Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21132",
"datePublished": "2023-08-14T20:57:31.732Z",
"dateReserved": "2022-11-03T22:37:50.639Z",
"dateUpdated": "2024-10-09T19:13:01.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21269
Vulnerability from cvelistv5
Published
2023-08-14 21:00
Modified
2024-10-09 15:25
Severity ?
EPSS score ?
Summary
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:23:08.834309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:25:42.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:00:08.724Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21269",
"datePublished": "2023-08-14T21:00:08.724Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-10-09T15:25:42.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34830
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_transferred"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34830",
"datePublished": "2022-11-23T00:00:00",
"dateReserved": "2022-06-29T00:00:00",
"dateUpdated": "2024-08-03T09:22:10.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28537
Vulnerability from cvelistv5
Published
2023-08-08 09:15
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
Integer Overflow or Wraparound in Audio
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "315 5G IoT Modem"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "Flight RB5 5G Platform"
},
{
"status": "affected",
"version": "Home Hub 100 Platform"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "MSM8108"
},
{
"status": "affected",
"version": "MSM8208"
},
{
"status": "affected",
"version": "MSM8209"
},
{
"status": "affected",
"version": "MSM8608"
},
{
"status": "affected",
"version": "MSM8917"
},
{
"status": "affected",
"version": "MSM8996AU"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCA9379"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QRB5165M"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "QSM8250"
},
{
"status": "affected",
"version": "Qualcomm Robotics RB3 Platform"
},
{
"status": "affected",
"version": "Qualcomm Robotics RB5 Platform"
},
{
"status": "affected",
"version": "Qualcomm215"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SD 636"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD205"
},
{
"status": "affected",
"version": "SD210"
},
{
"status": "affected",
"version": "SD429"
},
{
"status": "affected",
"version": "SD439"
},
{
"status": "affected",
"version": "SD450"
},
{
"status": "affected",
"version": "SD460"
},
{
"status": "affected",
"version": "SD480"
},
{
"status": "affected",
"version": "SD625"
},
{
"status": "affected",
"version": "SD626"
},
{
"status": "affected",
"version": "SD632"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD665"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD678"
},
{
"status": "affected",
"version": "SD680"
},
{
"status": "affected",
"version": "SD690 5G"
},
{
"status": "affected",
"version": "SD695"
},
{
"status": "affected",
"version": "SD710"
},
{
"status": "affected",
"version": "SD720G"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD750G"
},
{
"status": "affected",
"version": "SD765"
},
{
"status": "affected",
"version": "SD765G"
},
{
"status": "affected",
"version": "SD768G"
},
{
"status": "affected",
"version": "SD778G"
},
{
"status": "affected",
"version": "SD780G"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD845"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDM630"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6250P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "Smart Audio 100 Platform"
},
{
"status": "affected",
"version": "Smart Audio 200 Platform"
},
{
"status": "affected",
"version": "Smart Display 200 Platform (APQ5053-AA)"
},
{
"status": "affected",
"version": "Snapdragon 820 Automotive Platform"
},
{
"status": "affected",
"version": "Snapdragon 835 Mobile PC Platform"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF"
},
{
"status": "affected",
"version": "Snapdragon Wear 4100+ Platform"
},
{
"status": "affected",
"version": "Snapdragon X12 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X24 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X50 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR1 Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 4G Modem"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1"
},
{
"status": "affected",
"version": "SXR1120"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "Vision Intelligence 100 Platform (APQ8053-AA)"
},
{
"status": "affected",
"version": "Vision Intelligence 200 Platform (APQ8053-AC)"
},
{
"status": "affected",
"version": "Vision Intelligence 400 Platform"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9371"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN3999"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while allocating memory in COmxApeDec module in Audio."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:24:01.680Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Integer Overflow or Wraparound in Audio"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-28537",
"datePublished": "2023-08-08T09:15:01.370Z",
"dateReserved": "2023-03-17T11:41:45.844Z",
"dateUpdated": "2024-08-02T13:43:22.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21134
Vulnerability from cvelistv5
Published
2023-08-14 20:58
Modified
2024-10-09 19:11
Severity ?
EPSS score ?
Summary
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:01:52.546193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:11:41.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that\u0027s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that\u0027s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:58:11.888Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21134",
"datePublished": "2023-08-14T20:58:11.888Z",
"dateReserved": "2022-11-03T22:37:50.639Z",
"dateUpdated": "2024-10-09T19:11:41.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20965
Vulnerability from cvelistv5
Published
2023-08-14 20:48
Modified
2024-10-09 19:13
Severity ?
EPSS score ?
Summary
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:33.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215f591605028e200b6eca8f7cc45a"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/bd318b9772759546509f6fdb8648366099dd65ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ea9e5745cc6101e57c2e5e739f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:06:15.900756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:13:54.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:48:48.811Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215f591605028e200b6eca8f7cc45a"
},
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/bd318b9772759546509f6fdb8648366099dd65ad"
},
{
"url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ea9e5745cc6101e57c2e5e739f2"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-20965",
"datePublished": "2023-08-14T20:48:48.811Z",
"dateReserved": "2022-11-03T22:37:50.595Z",
"dateUpdated": "2024-10-09T19:13:54.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21276
Vulnerability from cvelistv5
Published
2023-08-14 21:02
Modified
2024-10-09 14:58
Severity ?
EPSS score ?
Summary
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/1272eec833fb49c30a4d8bdc432765e7c4413b3f"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:57:51.241986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:58:03.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:02:38.148Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/1272eec833fb49c30a4d8bdc432765e7c4413b3f"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21276",
"datePublished": "2023-08-14T21:02:38.148Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:58:03.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21292
Vulnerability from cvelistv5
Published
2023-08-14 21:08
Modified
2024-10-09 14:33
Severity ?
EPSS score ?
Summary
In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/d10b27e539f7bc91c2360d429b9d05f05274670d"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:33:20.907331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:33:32.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:08:54.963Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/d10b27e539f7bc91c2360d429b9d05f05274670d"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21292",
"datePublished": "2023-08-14T21:08:38.615Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-10-09T14:33:32.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21290
Vulnerability from cvelistv5
Published
2023-08-14 21:07
Modified
2024-10-09 14:34
Severity ?
EPSS score ?
Summary
In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:34:11.772081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:34:21.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:07:55.891Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21290",
"datePublished": "2023-08-14T21:07:55.891Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-10-09T14:34:21.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21648
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Integer Overflow to Buffer Overflow in RIL
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCC5100"
},
{
"status": "affected",
"version": "SA515M"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption in RIL while trying to send apdu packet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:23:40.522Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Integer Overflow to Buffer Overflow in RIL"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-21648",
"datePublished": "2023-08-08T09:14:54.780Z",
"dateReserved": "2022-12-07T02:58:25.867Z",
"dateUpdated": "2024-08-02T09:44:01.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21275
Vulnerability from cvelistv5
Published
2023-08-14 21:01
Modified
2024-10-09 14:59
Severity ?
EPSS score ?
Summary
In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/8277a2a946e617a7ea65056e4cedeb1fecf3a5f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:58:46.346600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:59:48.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:01:55.530Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/8277a2a946e617a7ea65056e4cedeb1fecf3a5f5"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21275",
"datePublished": "2023-08-14T21:01:55.530Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:59:48.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21264
Vulnerability from cvelistv5
Published
2023-08-14 20:59
Modified
2024-10-09 14:25
Severity ?
EPSS score ?
Summary
In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/kernel/common/+/b35a06182451f"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/kernel/common/+/53625a846a7b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:24:52.906848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:25:06.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:59:10.345Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/kernel/common/+/b35a06182451f"
},
{
"url": "https://android.googlesource.com/kernel/common/+/53625a846a7b4"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21264",
"datePublished": "2023-08-14T20:59:10.345Z",
"dateReserved": "2022-11-03T22:37:50.653Z",
"dateUpdated": "2024-10-09T14:25:06.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21283
Vulnerability from cvelistv5
Published
2023-08-14 21:05
Modified
2024-10-09 14:45
Severity ?
EPSS score ?
Summary
In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/9b41a963f352fdb3da1da8c633d45280badfcb24"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/e17fd149c0a2bf6cce56ebfae3fa5364fead22cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:45:44.723417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:45:55.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:05:55.410Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/9b41a963f352fdb3da1da8c633d45280badfcb24"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/e17fd149c0a2bf6cce56ebfae3fa5364fead22cc"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21283",
"datePublished": "2023-08-14T21:05:55.410Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:45:55.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21286
Vulnerability from cvelistv5
Published
2023-08-14 21:06
Modified
2024-10-09 14:42
Severity ?
EPSS score ?
Summary
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/a65429742caf05205ea7f1c2fdd1119ca652b810"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:40:47.084796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:42:17.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:06:38.355Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/a65429742caf05205ea7f1c2fdd1119ca652b810"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21286",
"datePublished": "2023-08-14T21:06:38.355Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:42:17.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21274
Vulnerability from cvelistv5
Published
2023-08-14 21:01
Modified
2024-10-09 15:02
Severity ?
EPSS score ?
Summary
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/2bffd7f5e66dd0cf7e5668fb65c4f2b2e9f87cf7"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:02:44.883376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:02:59.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:01:43.205Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/2bffd7f5e66dd0cf7e5668fb65c4f2b2e9f87cf7"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21274",
"datePublished": "2023-08-14T21:01:43.205Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T15:02:59.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21287
Vulnerability from cvelistv5
Published
2023-08-14 21:06
Modified
2024-10-09 14:39
Severity ?
EPSS score ?
Summary
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google:admob:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "admob",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
},
{
"status": "affected",
"version": "13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:37:29.122726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:39:52.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:06:53.599Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21287",
"datePublished": "2023-08-14T21:06:51.823Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-10-09T14:39:52.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21175
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243574
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:25.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2023-06-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243574"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-28T00:00:00",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-06-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21175",
"datePublished": "2023-06-28T00:00:00",
"dateReserved": "2022-11-03T00:00:00",
"dateUpdated": "2024-08-02T09:28:25.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21142
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:25.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-06-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-11 Android-12 Android-12L Android-13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-06-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21142",
"datePublished": "2023-06-15T00:00:00",
"dateReserved": "2022-11-03T00:00:00",
"dateUpdated": "2024-08-02T09:28:25.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21280
Vulnerability from cvelistv5
Published
2023-08-14 21:04
Modified
2024-10-09 14:51
Severity ?
EPSS score ?
Summary
In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/06e772e05514af4aa427641784c5eec39a892ed3"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:50:52.065140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:51:09.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:04:48.201Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/06e772e05514af4aa427641784c5eec39a892ed3"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21280",
"datePublished": "2023-08-14T21:04:48.201Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:51:09.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21650
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Improper Validation of Array Index in GPS HLOS Driver
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCC5100"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "SA415M"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:23:47.380Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Improper Validation of Array Index in GPS HLOS Driver"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-21650",
"datePublished": "2023-08-08T09:14:57.016Z",
"dateReserved": "2022-12-07T02:58:25.867Z",
"dateUpdated": "2024-08-02T09:44:01.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21627
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Incorrect Type Conversion or Cast in Trusted Execution Environment
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCC5100"
},
{
"status": "affected",
"version": "QCS8155"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SD888 5G"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WCN7850"
},
{
"status": "affected",
"version": "WCN7851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption in Trusted Execution Environment while calling service API with invalid address."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:23:30.366Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Incorrect Type Conversion or Cast in Trusted Execution Environment"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-21627",
"datePublished": "2023-08-08T09:14:51.673Z",
"dateReserved": "2022-12-07T02:58:25.864Z",
"dateUpdated": "2024-08-02T09:44:01.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21284
Vulnerability from cvelistv5
Published
2023-08-14 21:06
Modified
2024-10-09 14:44
Severity ?
EPSS score ?
Summary
In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/ed3f25b7222d4cff471f2b7d22d1150348146957"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:43:59.814341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:44:30.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:06:09.845Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/ed3f25b7222d4cff471f2b7d22d1150348146957"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21284",
"datePublished": "2023-08-14T21:06:09.845Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:44:30.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21265
Vulnerability from cvelistv5
Published
2023-08-14 20:59
Modified
2024-10-09 19:08
Severity ?
EPSS score ?
Summary
In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:05:02.348379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:08:41.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:59:28.509Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21265",
"datePublished": "2023-08-14T20:59:28.509Z",
"dateReserved": "2022-11-03T22:37:50.653Z",
"dateUpdated": "2024-10-09T19:08:41.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21272
Vulnerability from cvelistv5
Published
2023-08-14 21:01
Modified
2024-10-09 15:14
Severity ?
EPSS score ?
Summary
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/4dea696369a309cf39daa3e94fec7156c290a9c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "12l"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:08:38.155174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:14:06.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:01:10.248Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/4dea696369a309cf39daa3e94fec7156c290a9c2"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21272",
"datePublished": "2023-08-14T21:01:10.248Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-10-09T15:14:06.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21140
Vulnerability from cvelistv5
Published
2023-08-14 20:58
Modified
2024-10-09 19:10
Severity ?
EPSS score ?
Summary
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:25.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:01:51.514540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:10:39.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that\u0027s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that\u0027s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T20:58:27.348Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21140",
"datePublished": "2023-08-14T20:58:27.348Z",
"dateReserved": "2022-11-03T22:37:50.640Z",
"dateUpdated": "2024-10-09T19:10:39.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21278
Vulnerability from cvelistv5
Published
2023-08-14 21:03
Modified
2024-10-09 14:55
Severity ?
EPSS score ?
Summary
In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/49773f9d871dd8975128fccf71513928a5a97345"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:54:58.178478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:55:10.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T21:03:27.874Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/49773f9d871dd8975128fccf71513928a5a97345"
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21278",
"datePublished": "2023-08-14T21:03:27.874Z",
"dateReserved": "2022-11-03T22:37:50.655Z",
"dateUpdated": "2024-10-09T14:55:10.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40510
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
Buffer copy without checking size of input in Audio.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Qualcomm, Inc. | Snapdragon |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8009_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8009w_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8017_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8037_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8037_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8064au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8076_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8096au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aqt1000_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar8031_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar8035_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "csra6620_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "csra6640_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "csrb31024_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm8207_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9150_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9206_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9207_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9250_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9607_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9628_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9640_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mdm9650_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8108_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8208_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8208_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8209_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8608_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8909w_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8917_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8920_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8937_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8940_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "msm8996au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:pm8937_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pm8937_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qam8295p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca4020_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6174a_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6310_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6320_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6320_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6335_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6335_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6390_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6391_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6420_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6421_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6426_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6430_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6431_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6436_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6564a_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6564au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574a_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6574au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6584au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6595_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6595au_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca6696_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca8081_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca8337_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca9367_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca9377_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca9379_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qca9984_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcc5100_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcc5100_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcm2290_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcm4290_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcm6125_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcm6490_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcn6024_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcn9011_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcn9012_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcn9024_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcn9074_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs2290_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs405_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs410_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs4290_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs603_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs605_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs610_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs6125_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs6490_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcx315_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qrb5165_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qrb5165m_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qrb5165n_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qsm8250_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qualcomm215_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa415m_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa515m_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6145p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6155_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa6155p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8150p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8155_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8155p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8195p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sa8295p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd_455_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd_455_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd_636_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd_675_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd_8_gen1_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd_8cx_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd_8cx_gen2_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd_8cx_gen3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd_8cx_gen3_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd205_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd210_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd429_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd439_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd450_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd460_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd480_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd625_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd626_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd626_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd632_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd632_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd660_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd662_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd665_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd670_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd675_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd678_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd680_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd690_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd695_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd695_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd710_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd710_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd712_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd712_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd720g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd730_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd750g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd765_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd765g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd768g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd778g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd780g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd7c_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd820_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd835_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd845_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd850_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd855_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd865_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd870_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd888_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sda429w_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdm429w_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdm630_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdw2500_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx12_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx20_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx24_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx50m_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx55_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx55m_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdx65_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdxr1_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdxr2_5g_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sm4125_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sm4375_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sm4375_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sm6250_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sm6250p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sm7250p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sm7325p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sw5100_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sw5100p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sxr2150p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sxr2150p_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9306_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9326_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9330_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9335_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9340_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9341_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9360_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9370_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9371_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9371_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9375_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9380_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9385_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3610_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3615_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3620_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3660_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3660_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3660b_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3680_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3680_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3680b_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3910_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3950_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3980_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3988_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3990_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3991_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3998_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3999_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6740_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6750_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6850_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6851_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6855_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn6856_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn7850_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn7851_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8810_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8815_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8830_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8835_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T20:14:19.816575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T20:14:29.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon IoT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon Wearables",
"Snapdragon Wired Infrastructure and Networking"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009"
},
{
"status": "affected",
"version": "APQ8009W"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "APQ8037"
},
{
"status": "affected",
"version": "APQ8064AU"
},
{
"status": "affected",
"version": "APQ8076"
},
{
"status": "affected",
"version": "APQ8096AU"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "MDM8207"
},
{
"status": "affected",
"version": "MDM9150"
},
{
"status": "affected",
"version": "MDM9206"
},
{
"status": "affected",
"version": "MDM9207"
},
{
"status": "affected",
"version": "MDM9250"
},
{
"status": "affected",
"version": "MDM9607"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "MDM9640"
},
{
"status": "affected",
"version": "MDM9650"
},
{
"status": "affected",
"version": "MSM8108"
},
{
"status": "affected",
"version": "MSM8208"
},
{
"status": "affected",
"version": "MSM8209"
},
{
"status": "affected",
"version": "MSM8608"
},
{
"status": "affected",
"version": "MSM8909W"
},
{
"status": "affected",
"version": "MSM8917"
},
{
"status": "affected",
"version": "MSM8920"
},
{
"status": "affected",
"version": "MSM8937"
},
{
"status": "affected",
"version": "MSM8940"
},
{
"status": "affected",
"version": "MSM8996AU"
},
{
"status": "affected",
"version": "PM8937"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA4020"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9367"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCA9379"
},
{
"status": "affected",
"version": "QCA9984"
},
{
"status": "affected",
"version": "QCC5100"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS405"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS603"
},
{
"status": "affected",
"version": "QCS605"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCX315"
},
{
"status": "affected",
"version": "QRB5165"
},
{
"status": "affected",
"version": "QRB5165M"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "QSM8250"
},
{
"status": "affected",
"version": "Qualcomm215"
},
{
"status": "affected",
"version": "SA415M"
},
{
"status": "affected",
"version": "SA515M"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SC8180X+SDX55"
},
{
"status": "affected",
"version": "SD 455"
},
{
"status": "affected",
"version": "SD 636"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD 8CX"
},
{
"status": "affected",
"version": "SD 8cx Gen2"
},
{
"status": "affected",
"version": "SD 8cx Gen3"
},
{
"status": "affected",
"version": "SD205"
},
{
"status": "affected",
"version": "SD210"
},
{
"status": "affected",
"version": "SD429"
},
{
"status": "affected",
"version": "SD439"
},
{
"status": "affected",
"version": "SD450"
},
{
"status": "affected",
"version": "SD460"
},
{
"status": "affected",
"version": "SD480"
},
{
"status": "affected",
"version": "SD625"
},
{
"status": "affected",
"version": "SD626"
},
{
"status": "affected",
"version": "SD632"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD665"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD678"
},
{
"status": "affected",
"version": "SD680"
},
{
"status": "affected",
"version": "SD690 5G"
},
{
"status": "affected",
"version": "SD695"
},
{
"status": "affected",
"version": "SD710"
},
{
"status": "affected",
"version": "SD712"
},
{
"status": "affected",
"version": "SD720G"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD750G"
},
{
"status": "affected",
"version": "SD765"
},
{
"status": "affected",
"version": "SD765G"
},
{
"status": "affected",
"version": "SD768G"
},
{
"status": "affected",
"version": "SD778G"
},
{
"status": "affected",
"version": "SD780G"
},
{
"status": "affected",
"version": "SD7c"
},
{
"status": "affected",
"version": "SD820"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD845"
},
{
"status": "affected",
"version": "SD850"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SD888 5G"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDM630"
},
{
"status": "affected",
"version": "SDW2500"
},
{
"status": "affected",
"version": "SDX12"
},
{
"status": "affected",
"version": "SDX20"
},
{
"status": "affected",
"version": "SDX24"
},
{
"status": "affected",
"version": "SDX50M"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDX65"
},
{
"status": "affected",
"version": "SDXR1"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM4375"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6250P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR2150P"
},
{
"status": "affected",
"version": "WCD9306"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9371"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN3991"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN3999"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6750"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WCN7850"
},
{
"status": "affected",
"version": "WCN7851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:23:19.699Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
}
],
"title": "Buffer copy without checking size of input in Audio."
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2022-40510",
"datePublished": "2023-08-08T09:14:48.400Z",
"dateReserved": "2022-09-12T09:37:28.414Z",
"dateUpdated": "2024-08-03T12:21:46.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21270
Vulnerability from cvelistv5
Published
2024-11-19 18:00
Modified
2024-11-20 16:35
Severity ?
EPSS score ?
Summary
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "sc-dev"
},
{
"status": "affected",
"version": "sc-v2-dev"
},
{
"status": "affected",
"version": "tm-dev"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:32:43.516798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:35:48.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Andrioid",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "sc-dev"
},
{
"status": "affected",
"version": "sc-v2-dev"
},
{
"status": "affected",
"version": "tm-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:00:47.701Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2023-08-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21270",
"datePublished": "2024-11-19T18:00:47.701Z",
"dateReserved": "2022-11-03T22:37:50.654Z",
"dateUpdated": "2024-11-20T16:35:48.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-21267
Vulnerability from cvelistv5
Published
2023-08-14 20:59
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T14:54:32.382055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:45.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:28:26.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2024-04-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T21:01:28.673Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c"
},
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394"
},
{
"url": "https://source.android.com/security/bulletin/2024-04-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21267",
"datePublished": "2023-08-14T20:59:41.378Z",
"dateReserved": "2022-11-03T22:37:50.653Z",
"dateUpdated": "2024-08-02T09:28:26.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.