Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-2539
Vulnerability from csaf_certbund
Published
2023-10-03 22:00
Modified
2023-10-03 22:00
Summary
Samsung Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und seine Rechte zu erweitern.
Betroffene Betriebssysteme
- Android
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und seine Rechte zu erweitern.", "title": "Angriff" }, { "category": "general", "text": "- Android", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2539 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2539.json" }, { "category": "self", "summary": "WID-SEC-2023-2539 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2539" }, { "category": "external", "summary": "Samsung Security Advisory - SMR-OCT-2023 vom 2023-10-03", "url": "https://security.samsungmobile.com/securityUpdate.smsb" } ], "source_lang": "en-US", "title": "Samsung Android: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-10-03T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:46:28.375+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2539", "initial_release_date": "2023-10-03T22:00:00.000+00:00", "revision_history": [ { "date": "2023-10-03T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Samsung Android 11", "product": { "name": "Samsung Android 11", "product_id": "T027557", "product_identification_helper": { "cpe": "cpe:/o:samsung:android:11" } } }, { "category": "product_name", "name": "Samsung Android 12", "product": { "name": "Samsung Android 12", "product_id": "T027558", "product_identification_helper": { "cpe": "cpe:/o:samsung:android:12" } } }, { "category": "product_name", "name": "Samsung Android 13", "product": { "name": "Samsung Android 13", "product_id": "T030187", "product_identification_helper": { "cpe": "cpe:/o:samsung:android:13" } } } ], "category": "product_name", "name": "Android" } ], "category": "vendor", "name": "Samsung" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40140", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40140" }, { "cve": "CVE-2023-40139", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40139" }, { "cve": "CVE-2023-40138", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40138" }, { "cve": "CVE-2023-40137", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40137" }, { "cve": "CVE-2023-40136", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40136" }, { "cve": "CVE-2023-40135", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40135" }, { "cve": "CVE-2023-40134", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40134" }, { "cve": "CVE-2023-40133", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40133" }, { "cve": "CVE-2023-40131", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40131" }, { "cve": "CVE-2023-40130", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40130" }, { "cve": "CVE-2023-40129", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40129" }, { "cve": "CVE-2023-40128", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40128" }, { "cve": "CVE-2023-40127", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40127" }, { "cve": "CVE-2023-40125", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40125" }, { "cve": "CVE-2023-40123", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40123" }, { "cve": "CVE-2023-40121", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40121" }, { "cve": "CVE-2023-40120", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40120" }, { "cve": "CVE-2023-40117", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40117" }, { "cve": "CVE-2023-40116", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-40116" }, { "cve": "CVE-2023-33021", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-33021" }, { "cve": "CVE-2023-33019", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-33019" }, { "cve": "CVE-2023-33016", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-33016" }, { "cve": "CVE-2023-33015", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-33015" }, { "cve": "CVE-2023-30733", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-30733" }, { "cve": "CVE-2023-30732", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-30732" }, { "cve": "CVE-2023-30731", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-30731" }, { "cve": "CVE-2023-30727", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-30727" }, { "cve": "CVE-2023-30692", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-30692" }, { "cve": "CVE-2023-30690", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-30690" }, { "cve": "CVE-2023-28584", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-28584" }, { "cve": "CVE-2023-28581", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-28581" }, { "cve": "CVE-2023-28573", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-28573" }, { "cve": "CVE-2023-28549", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-28549" }, { "cve": "CVE-2023-21653", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-21653" }, { "cve": "CVE-2023-21646", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-21646" }, { "cve": "CVE-2023-21291", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-21291" }, { "cve": "CVE-2023-21266", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-21266" }, { "cve": "CVE-2023-21253", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-21253" }, { "cve": "CVE-2023-21252", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-21252" }, { "cve": "CVE-2023-21244", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Dieser Hinweis ist Teil des monatlichen Security Maintenance Release (SMR) Prozesses. Dieses SMR-Paket enth\u00e4lt Patches von Google und Samsung. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer beliebigen Code ausf\u00fchren, Sicherheitsma\u00dfnahmen umgehen, vertrauliche Informationen offenlegen und seine Privilegien ausweiten. Zur Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich." } ], "product_status": { "known_affected": [ "T027557", "T027558", "T030187" ] }, "release_date": "2023-10-03T22:00:00Z", "title": "CVE-2023-21244" } ] }
cve-2023-21244
Vulnerability from cvelistv5
Published
2023-10-06 18:48
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:28:26.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3" }, { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef" }, { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T18:32:17.051Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3" }, { "url": "https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef" }, { "url": "https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21244", "datePublished": "2023-10-06T18:48:40.041Z", "dateReserved": "2022-11-03T22:37:50.652Z", "dateUpdated": "2024-08-02T09:28:26.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40130
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:46
Severity ?
EPSS score ?
Summary
In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0l:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "12.0" }, { "status": "affected", "version": "12.0l" }, { "status": "affected", "version": "13.0" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-40130", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:42:40.984572Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:46:05.580Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:57.878Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40130", "datePublished": "2023-10-27T20:22:57.878Z", "dateReserved": "2023-08-09T02:29:33.869Z", "dateUpdated": "2024-09-09T19:46:05.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40140
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:38
Severity ?
EPSS score ?
Summary
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.495Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986dbba2e02c5bf82f105b36243" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0l:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "12.0" }, { "status": "affected", "version": "12.0l" }, { "status": "affected", "version": "13.0" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-40140", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:35:47.123987Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:38:12.376Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:59.679Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986dbba2e02c5bf82f105b36243" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40140", "datePublished": "2023-10-27T20:22:59.679Z", "dateReserved": "2023-08-09T02:29:36.075Z", "dateUpdated": "2024-09-09T19:38:12.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21653
Vulnerability from cvelistv5
Published
2023-09-05 06:23
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Transient DOS in Modem while processing RRC reconfiguration message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: AR8035 Version: QCA8081 Version: QCA8337 Version: QCN6024 Version: QCN9024 Version: SDX65 Version: SDX70M Version: WCD9380 Version: WCN6855 Version: WCN6856 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ar8035_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca8081_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca8337_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn6024_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn9024_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx65_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx70m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx70m_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9380_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6855_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6856_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-21653", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-12T19:51:30.562905Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:19:49.902Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T09:44:01.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Mobile" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDX70M" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS in Modem while processing RRC reconfiguration message." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:21:38.721Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Reachable Assertion in Modem" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-21653", "datePublished": "2023-09-05T06:23:56.700Z", "dateReserved": "2022-12-07T02:58:25.868Z", "dateUpdated": "2024-08-02T09:44:01.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30690
Vulnerability from cvelistv5
Published
2023-10-04 03:01
Modified
2024-09-19 19:38
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Samsung Mobile | Samsung Mobile Devices | |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:52.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30690", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T19:38:24.258506Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T19:38:35.899Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Oct-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-20 Improper Input Validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-04T03:01:38.598Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30690", "datePublished": "2023-10-04T03:01:38.598Z", "dateReserved": "2023-04-14T01:59:51.125Z", "dateUpdated": "2024-09-19T19:38:35.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40128
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 14:44
Severity ?
EPSS score ?
Summary
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "12.0" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-40128", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T14:42:23.625882Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T14:44:35.111Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:57.517Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40128", "datePublished": "2023-10-27T20:22:57.517Z", "dateReserved": "2023-08-09T02:29:33.869Z", "dateUpdated": "2024-09-09T14:44:35.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40135
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:41
Severity ?
EPSS score ?
Summary
In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40135", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:40:49.285066Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:41:08.331Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In applyCustomDescription of SaveUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:58.641Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40135", "datePublished": "2023-10-27T20:22:58.641Z", "dateReserved": "2023-08-09T02:29:36.075Z", "dateUpdated": "2024-09-09T19:41:08.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30733
Vulnerability from cvelistv5
Published
2023-10-04 03:02
Modified
2024-08-02 14:37
Severity ?
EPSS score ?
Summary
Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Samsung Mobile | Samsung Mobile Devices | |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:15.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Oct-2023 Release in Android 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": " CWE-121: Stack-based Buffer Overflow", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T07:37:18.226Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30733", "datePublished": "2023-10-04T03:02:46.316Z", "dateReserved": "2023-04-14T01:59:51.138Z", "dateUpdated": "2024-08-02T14:37:15.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28581
Vulnerability from cvelistv5
Published
2023-09-05 06:24
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QCA6391 Version: QCA6426 Version: QCA6436 Version: SD 8 Gen1 5G Version: SD865 5G Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon XR2 5G Platform Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2230P Version: WCD9380 Version: WCD9385 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:22.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Mobile" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "FastConnect 6800" }, { "status": "affected", "version": "FastConnect 6900" }, { "status": "affected", "version": "FastConnect 7800" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)" }, { "status": "affected", "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)" }, { "status": "affected", "version": "Snapdragon AR2 Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon XR2 5G Platform" }, { "status": "affected", "version": "SSG2115P" }, { "status": "affected", "version": "SSG2125P" }, { "status": "affected", "version": "SXR1230P" }, { "status": "affected", "version": "SXR2230P" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8832" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:22:55.750Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Firmware" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-28581", "datePublished": "2023-09-05T06:24:26.366Z", "dateReserved": "2023-03-17T11:41:45.852Z", "dateUpdated": "2024-08-02T13:43:22.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40117
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-08-02 18:24
Severity ?
EPSS score ?
Summary
In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/11815817de2f2d70fe842b108356a1bc75d44ffb" }, { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8e65833a2dd8c319aea08945" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:56.374Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/11815817de2f2d70fe842b108356a1bc75d44ffb" }, { "url": "https://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8e65833a2dd8c319aea08945" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40117", "datePublished": "2023-10-27T20:22:56.374Z", "dateReserved": "2023-08-09T02:29:31.890Z", "dateUpdated": "2024-08-02T18:24:55.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40123
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 14:48
Severity ?
EPSS score ?
Summary
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40123", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T14:47:51.003530Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T14:48:21.937Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:56.908Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40123", "datePublished": "2023-10-27T20:22:56.908Z", "dateReserved": "2023-08-09T02:29:33.868Z", "dateUpdated": "2024-09-09T14:48:21.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21253
Vulnerability from cvelistv5
Published
2023-10-06 18:48
Modified
2024-09-19 16:07
Severity ?
EPSS score ?
Summary
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:28:26.122Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529" }, { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e" }, { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21253", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T16:06:19.036040Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T16:07:50.031Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:55.310Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/84df68840b6f2407146e722ebd95a7d8bc6e3529" }, { "url": "https://android.googlesource.com/platform/tools/apksig/+/039f815895f62c9f8af23df66622b66246f3f61e" }, { "url": "https://android.googlesource.com/platform/tools/apksig/+/41d882324288085fd32ae0bb70dc85f5fd0e2be7" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21253", "datePublished": "2023-10-06T18:48:40.422Z", "dateReserved": "2022-11-03T22:37:50.652Z", "dateUpdated": "2024-09-19T16:07:50.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21291
Vulnerability from cvelistv5
Published
2023-10-06 18:48
Modified
2024-09-19 16:01
Severity ?
EPSS score ?
Summary
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/cb6282e8970f4c9db5497889699e68fb2038566e" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21291", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T15:58:24.714618Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T16:01:03.988Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:56.019Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/cb6282e8970f4c9db5497889699e68fb2038566e" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21291", "datePublished": "2023-10-06T18:48:40.793Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-19T16:01:03.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21646
Vulnerability from cvelistv5
Published
2023-09-05 06:23
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Transient DOS in Modem while processing invalid System Information Block 1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: AR8035 Version: QCA6390 Version: QCA6391 Version: QCA6574A Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCM6490 Version: QCN6024 Version: QCN9024 Version: QCS6490 Version: QCX315 Version: SA515M Version: SD 8 Gen1 5G Version: SD480 Version: SD690 5G Version: SD695 Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD865 5G Version: SD870 Version: SD888 5G Version: SDX55 Version: SDX55M Version: SDX65 Version: SDX70M Version: SM7250P Version: SM7325P Version: Snapdragon 4 Gen 1 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3988 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ar8035_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6390_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6391_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6574a_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6595au_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6696_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca8081_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca8337_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcm6490_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn6024_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn9024_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs6490_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcx315_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa515m_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd_8_gen1_5g_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd480_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd690_5g_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd695_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd695_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd765_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd765g_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd768g_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd778g_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd780g_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd865_5g_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd870_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd888_5g_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx55_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx55m_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx65_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx70m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx70m_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sm7250p_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sm7325p_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_4_gen_1_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_4_gen_1_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9341_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9360_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9370_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9375_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9380_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9385_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3988_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3991_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3998_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6740_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6750_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6850_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6851_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6855_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6856_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn7850_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn7851_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8810_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8815_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8830_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8835_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-21646", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-12T19:51:32.518961Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:19:41.852Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T09:44:02.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Industrial IOT", "Snapdragon Mobile" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDX70M" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "Snapdragon 4 Gen 1" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS in Modem while processing invalid System Information Block 1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:21:35.070Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Reachable Assertion in Modem" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-21646", "datePublished": "2023-09-05T06:23:55.261Z", "dateReserved": "2022-12-07T02:58:25.867Z", "dateUpdated": "2024-08-02T09:44:02.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40131
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-08-02 18:24
Severity ?
EPSS score ?
Summary
In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256ff3220b4fe44f861f8081d7116" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" } ] } ], "descriptions": [ { "lang": "en", "value": "In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:58.077Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256ff3220b4fe44f861f8081d7116" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40131", "datePublished": "2023-10-27T20:22:58.077Z", "dateReserved": "2023-08-09T02:29:33.869Z", "dateUpdated": "2024-08-02T18:24:55.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40121
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 14:49
Severity ?
EPSS score ?
Summary
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.530Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40121", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T14:49:12.393745Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T14:49:22.331Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:56.725Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40121", "datePublished": "2023-10-27T20:22:56.725Z", "dateReserved": "2023-08-09T02:29:31.894Z", "dateUpdated": "2024-09-09T14:49:22.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33019
Vulnerability from cvelistv5
Published
2023-09-05 06:24
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: 9206 LTE Modem Version: APQ8017 Version: APQ8052 Version: APQ8056 Version: APQ8076 Version: AR8031 Version: C-V2X 9150 Version: CSRA6620 Version: CSRA6640 Version: FastConnect 6200 Version: Home Hub 100 Platform Version: MDM9250 Version: MDM9628 Version: MDM9650 Version: MSM8108 Version: MSM8209 Version: MSM8608 Version: MSM8909W Version: MSM8996AU Version: QCA6174A Version: QCA6175A Version: QCA6554A Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584 Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA9367 Version: QCA9377 Version: QCA9379 Version: Qualcomm 205 Mobile Platform Version: Qualcomm 215 Mobile Platform Version: SD626 Version: SDM429W Version: SDX20M Version: Smart Audio 200 Platform Version: Smart Audio 400 Platform Version: Smart Display 200 Platform (APQ5053-AA) Version: Snapdragon 1200 Wearable Platform Version: Snapdragon 208 Processor Version: Snapdragon 210 Processor Version: Snapdragon 212 Mobile Platform Version: Snapdragon 425 Mobile Platform Version: Snapdragon 429 Mobile Platform Version: Snapdragon 439 Mobile Platform Version: Snapdragon 450 Mobile Platform Version: Snapdragon 617 Processor Version: Snapdragon 625 Mobile Platform Version: Snapdragon 626 Mobile Platform Version: Snapdragon 632 Mobile Platform Version: Snapdragon 650 Mobile Platform Version: Snapdragon 652 Mobile Platform Version: Snapdragon 653 Mobile Platform Version: Snapdragon 820 Automotive Platform Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon Wear 2100 Platform Version: Snapdragon Wear 2500 Platform Version: Snapdragon Wear 3100 Platform Version: Snapdragon Wear 4100+ Platform Version: Snapdragon X12 LTE Modem Version: Snapdragon X20 LTE Modem Version: Snapdragon X5 LTE Modem Version: Vision Intelligence 100 Platform (APQ8053-AA) Version: Vision Intelligence 200 Platform (APQ8053-AC) Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3980 Version: WSA8810 Version: WSA8815 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "9206_lte_modem_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8017_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8052_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8052_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8056_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8056_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8076_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ar8031_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:c-v2x_9150_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "c-v2x_9150_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "csra6620_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "csra6640_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fastconnect_6200_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:home_hub_100_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "home_hub_100_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9250_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9628_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9650_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8108_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8209_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8608_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8909w_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8996au_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6174a_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6175a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6175a_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6554a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6554a_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6564a_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6564au_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6574_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6574a_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6574au_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6584_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6584au_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6595_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6595au_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6696_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca9367_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca9377_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca9379_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qualcomm_205_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qualcomm_205_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qualcomm_215_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qualcomm_215_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd626_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd626_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdm429w_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx20m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx20m_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:smart_audio_200_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "smart_audio_200_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:smart_audio_400_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "smart_audio_400_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_1200_wearable_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_208_processor_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_208_processor_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_210_processor_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_210_processor_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_212_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_212_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_425_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_425_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_429_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_439_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_439_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_450_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_450_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_617_processor_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_617_processor_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_625_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_625_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_626_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_626_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_632_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_632_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_650_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_650_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_652_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_652_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_653_mobile_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_653_mobile_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_820_automotive_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_820_automotive_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_auto_5g_modem-rf_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_wear_2100_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_wear_2100_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_wear_2500_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_wear_2500_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_wear_3100_platform_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_wear_3100_platform_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_x12_lte_modem_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_x12_lte_modem_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_x20_lte_modem_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_x20_lte_modem_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon_x5_lte_modem_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9326_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9330_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9335_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3610_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3615_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3620_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3660_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3660_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3660b_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3680_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3680_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3680b_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3980_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8810_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8815_firmware", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "*" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-33019", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-12T19:51:28.250756Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:22:06.151Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T15:32:46.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Voice \u0026 Music", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "9206 LTE Modem" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8052" }, { "status": "affected", "version": "APQ8056" }, { "status": "affected", "version": "APQ8076" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "C-V2X 9150" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "FastConnect 6200" }, { "status": "affected", "version": "Home Hub 100 Platform" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8909W" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6175A" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "Qualcomm 205 Mobile Platform" }, { "status": "affected", "version": "Qualcomm 215 Mobile Platform" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDX20M" }, { "status": "affected", "version": "Smart Audio 200 Platform" }, { "status": "affected", "version": "Smart Audio 400 Platform" }, { "status": "affected", "version": "Smart Display 200 Platform (APQ5053-AA)" }, { "status": "affected", "version": "Snapdragon 1200 Wearable Platform" }, { "status": "affected", "version": "Snapdragon 208 Processor" }, { "status": "affected", "version": "Snapdragon 210 Processor" }, { "status": "affected", "version": "Snapdragon 212 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 425 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 429 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 439 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 450 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 617 Processor" }, { "status": "affected", "version": "Snapdragon 625 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 626 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 632 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 650 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 652 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 653 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 820 Automotive Platform" }, { "status": "affected", "version": "Snapdragon Auto 5G Modem-RF" }, { "status": "affected", "version": "Snapdragon Wear 2100 Platform" }, { "status": "affected", "version": "Snapdragon Wear 2500 Platform" }, { "status": "affected", "version": "Snapdragon Wear 3100 Platform" }, { "status": "affected", "version": "Snapdragon Wear 4100+ Platform" }, { "status": "affected", "version": "Snapdragon X12 LTE Modem" }, { "status": "affected", "version": "Snapdragon X20 LTE Modem" }, { "status": "affected", "version": "Snapdragon X5 LTE Modem" }, { "status": "affected", "version": "Vision Intelligence 100 Platform (APQ8053-AA)" }, { "status": "affected", "version": "Vision Intelligence 200 Platform (APQ8053-AC)" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:23:09.464Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Improper Authorization in WLAN Host" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-33019", "datePublished": "2023-09-05T06:24:31.530Z", "dateReserved": "2023-05-17T09:28:53.119Z", "dateUpdated": "2024-08-02T15:32:46.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40127
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 14:45
Severity ?
EPSS score ?
Summary
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/747431250612507e8289ae8eb1a56303e79ab678" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40127", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T14:45:37.325429Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T14:45:48.814Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:57.293Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/747431250612507e8289ae8eb1a56303e79ab678" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40127", "datePublished": "2023-10-27T20:22:57.293Z", "dateReserved": "2023-08-09T02:29:33.869Z", "dateUpdated": "2024-09-09T14:45:48.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33015
Vulnerability from cvelistv5
Published
2023-09-05 06:24
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: AQT1000 Version: AR8035 Version: AR9380 Version: CSR8811 Version: CSRB31024 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: Flight RB5 5G Platform Version: Immersive Home 214 Platform Version: Immersive Home 216 Platform Version: Immersive Home 316 Platform Version: Immersive Home 318 Platform Version: IPQ4018 Version: IPQ4028 Version: IPQ4029 Version: IPQ5010 Version: IPQ5028 Version: IPQ6010 Version: IPQ6018 Version: IPQ6028 Version: IPQ8064 Version: IPQ8065 Version: IPQ8068 Version: IPQ8069 Version: IPQ8070 Version: IPQ8070A Version: IPQ8071A Version: IPQ8072A Version: IPQ8074 Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: PMP8074 Version: QAM8255P Version: QAM8295P Version: QCA1062 Version: QCA1064 Version: QCA2062 Version: QCA2064 Version: QCA2065 Version: QCA2066 Version: QCA4024 Version: QCA6310 Version: QCA6335 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6428 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6438 Version: QCA6554A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8072 Version: QCA8075 Version: QCA8081 Version: QCA8337 Version: QCA9886 Version: QCA9888 Version: QCA9889 Version: QCA9898 Version: QCA9980 Version: QCA9984 Version: QCA9985 Version: QCA9986 Version: QCA9990 Version: QCA9992 Version: QCA9994 Version: QCM4490 Version: QCM6490 Version: QCN5021 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5054 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN6023 Version: QCN6024 Version: QCN6122 Version: QCN6132 Version: QCN7605 Version: QCN7606 Version: QCN9000 Version: QCN9011 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCS4490 Version: QCS6490 Version: QCS8250 Version: QCS8550 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: QSM8350 Version: Robotics RB5 Platform Version: SA4150P Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SC8180X+SDX55 Version: SD 8 Gen1 5G Version: SD865 5G Version: SD888 Version: SDX55 Version: SM7315 Version: SM7325P Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Version: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Version: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Version: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon XR2 5G Platform Version: Snapdragon XR2+ Gen 1 Platform Version: Snapdragon Auto 4G Modem Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2130 Version: SXR2230P Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3950 Version: WCN3980 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:32:46.747Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Voice \u0026 Music", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "315 5G IoT Modem" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "FastConnect 6200" }, { "status": "affected", "version": "FastConnect 6700" }, { "status": "affected", "version": "FastConnect 6800" }, { "status": "affected", "version": "FastConnect 6900" }, { "status": "affected", "version": "FastConnect 7800" }, { "status": "affected", "version": "Flight RB5 5G Platform" }, { "status": "affected", "version": "Immersive Home 214 Platform" }, { "status": "affected", "version": "Immersive Home 216 Platform" }, { "status": "affected", "version": "Immersive Home 316 Platform" }, { "status": "affected", "version": "Immersive Home 318 Platform" }, { "status": "affected", "version": "IPQ4018" }, { "status": "affected", "version": "IPQ4028" }, { "status": "affected", "version": "IPQ4029" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8069" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8255P" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6428" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6438" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6678AQ" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA6698AQ" }, { "status": "affected", "version": "QCA6797AQ" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9898" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCM4490" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN7605" }, { "status": "affected", "version": "QCN7606" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCS4490" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCS8250" }, { "status": "affected", "version": "QCS8550" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "Robotics RB5 Platform" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8255P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "Snapdragon 778G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)" }, { "status": "affected", "version": "Snapdragon 780G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 782G Mobile Platform (SM7325-AF)" }, { "status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute" }, { "status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 8+ Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)" }, { "status": "affected", "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)" }, { "status": "affected", "version": "Snapdragon 888 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)" }, { "status": "affected", "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\"" }, { "status": "affected", "version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\"" }, { "status": "affected", "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)" }, { "status": "affected", "version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\"" }, { "status": "affected", "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\"" }, { "status": "affected", "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)" }, { "status": "affected", "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)" }, { "status": "affected", "version": "Snapdragon AR2 Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon Auto 5G Modem-RF" }, { "status": "affected", "version": "Snapdragon X55 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X65 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon XR2 5G Platform" }, { "status": "affected", "version": "Snapdragon XR2+ Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon Auto 4G Modem" }, { "status": "affected", "version": "SSG2115P" }, { "status": "affected", "version": "SSG2125P" }, { "status": "affected", "version": "SXR1230P" }, { "status": "affected", "version": "SXR2130" }, { "status": "affected", "version": "SXR2230P" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8832" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:23:02.568Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Buffer Over-read in WLAN Firmware" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-33015", "datePublished": "2023-09-05T06:24:29.035Z", "dateReserved": "2023-05-17T09:28:53.119Z", "dateUpdated": "2024-08-02T15:32:46.747Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33016
Vulnerability from cvelistv5
Published
2023-09-05 06:24
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
Transient DOS in WLAN firmware while parsing MLO (multi-link operation).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: CSR8811 Version: FastConnect 6900 Version: FastConnect 7800 Version: Immersive Home 214 Platform Version: Immersive Home 216 Platform Version: Immersive Home 316 Platform Version: Immersive Home 318 Platform Version: IPQ5010 Version: IPQ5028 Version: IPQ6000 Version: IPQ6010 Version: IPQ6018 Version: IPQ6028 Version: IPQ8070A Version: IPQ8071A Version: IPQ8072A Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: IPQ9574 Version: QCA4024 Version: QCA8075 Version: QCA8081 Version: QCA8082 Version: QCA8084 Version: QCA8085 Version: QCA8386 Version: QCA9888 Version: QCA9889 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN6023 Version: QCN6024 Version: QCN6122 Version: QCN6132 Version: QCN9000 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 Version: QCS8550 Version: SD 8 Gen1 5G Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon AR2 Gen 1 Platform Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2230P Version: WCD9380 Version: WCD9385 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:32:46.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "FastConnect 6900" }, { "status": "affected", "version": "FastConnect 7800" }, { "status": "affected", "version": "Immersive Home 214 Platform" }, { "status": "affected", "version": "Immersive Home 216 Platform" }, { "status": "affected", "version": "Immersive Home 316 Platform" }, { "status": "affected", "version": "Immersive Home 318 Platform" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS8550" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon AR2 Gen 1 Platform" }, { "status": "affected", "version": "SSG2115P" }, { "status": "affected", "version": "SSG2125P" }, { "status": "affected", "version": "SXR1230P" }, { "status": "affected", "version": "SXR2230P" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8832" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS in WLAN firmware while parsing MLO (multi-link operation)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:23:06.061Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Buffer Over-read in WLAN Firmware" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-33016", "datePublished": "2023-09-05T06:24:30.323Z", "dateReserved": "2023-05-17T09:28:53.119Z", "dateUpdated": "2024-08-02T15:32:46.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30732
Vulnerability from cvelistv5
Published
2023-10-04 03:02
Modified
2024-09-19 19:35
Severity ?
EPSS score ?
Summary
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Samsung Mobile | Samsung Mobile Devices | |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30732", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T19:35:49.673666Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T19:35:59.842Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Oct-2023 Release in Android 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-284: Improper Access Control", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-04T03:02:45.309Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30732", "datePublished": "2023-10-04T03:02:45.309Z", "dateReserved": "2023-04-14T01:59:51.138Z", "dateUpdated": "2024-09-19T19:35:59.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40133
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:42
Severity ?
EPSS score ?
Summary
In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40133", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:42:05.799419Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:42:17.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations of DialogFillUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:58.290Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40133", "datePublished": "2023-10-27T20:22:58.290Z", "dateReserved": "2023-08-09T02:29:36.075Z", "dateUpdated": "2024-09-09T19:42:17.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40125
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-08-02 18:24
Severity ?
EPSS score ?
Summary
In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:57.089Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40125", "datePublished": "2023-10-27T20:22:57.089Z", "dateReserved": "2023-08-09T02:29:33.868Z", "dateUpdated": "2024-08-02T18:24:55.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28549
Vulnerability from cvelistv5
Published
2023-09-05 06:24
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: AQT1000 Version: AR8035 Version: AR9380 Version: CSR8811 Version: CSRB31024 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: Flight RB5 5G Platform Version: Immersive Home 214 Platform Version: Immersive Home 216 Platform Version: Immersive Home 316 Platform Version: Immersive Home 318 Platform Version: IPQ4018 Version: IPQ4019 Version: IPQ4028 Version: IPQ4029 Version: IPQ5010 Version: IPQ5028 Version: IPQ6000 Version: IPQ6010 Version: IPQ6018 Version: IPQ6028 Version: IPQ8064 Version: IPQ8065 Version: IPQ8068 Version: IPQ8070 Version: IPQ8070A Version: IPQ8071 Version: IPQ8071A Version: IPQ8072 Version: IPQ8072A Version: IPQ8074 Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: IPQ9008 Version: IPQ9574 Version: PMP8074 Version: QAM8295P Version: QCA1062 Version: QCA1064 Version: QCA2062 Version: QCA2064 Version: QCA2065 Version: QCA2066 Version: QCA4024 Version: QCA6310 Version: QCA6320 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6428 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6438 Version: QCA6554A Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6696 Version: QCA6698AQ Version: QCA7500 Version: QCA8072 Version: QCA8075 Version: QCA8081 Version: QCA8082 Version: QCA8084 Version: QCA8085 Version: QCA8337 Version: QCA8386 Version: QCA9880 Version: QCA9886 Version: QCA9888 Version: QCA9889 Version: QCA9898 Version: QCA9980 Version: QCA9984 Version: QCA9985 Version: QCA9986 Version: QCA9990 Version: QCA9992 Version: QCA9994 Version: QCM4490 Version: QCM6490 Version: QCN5021 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5054 Version: QCN5064 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN5550 Version: QCN6023 Version: QCN6024 Version: QCN6100 Version: QCN6102 Version: QCN6112 Version: QCN6122 Version: QCN6132 Version: QCN9000 Version: QCN9001 Version: QCN9002 Version: QCN9003 Version: QCN9011 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 Version: QCS4490 Version: QCS6490 Version: QCS8250 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: QSM8350 Version: Qualcomm Robotics RB5 Platform Version: SA4150P Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8295P Version: SC8180X+SDX55 Version: SD 455 Version: SD 8 Gen1 5G Version: SD660 Version: SD835 Version: SD865 5G Version: SD888 Version: SDX55 Version: SM4450 Version: SM7250P Version: SM7315 Version: SM7325P Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 630 Mobile Platform Version: Snapdragon 636 Mobile Platform Version: Snapdragon 660 Mobile Platform Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 835 Mobile PC Platform Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Version: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Version: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Version: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon XR2 5G Platform Version: Snapdragon XR2+ Gen 1 Platform Version: Snapdragon Auto 4G Modem Version: SSG2115P Version: SSG2125P Version: SW5100 Version: SW5100P Version: SXR1230P Version: SXR2130 Version: SXR2230P Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:22.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "315 5G IoT Modem" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "FastConnect 6200" }, { "status": "affected", "version": "FastConnect 6700" }, { "status": "affected", "version": "FastConnect 6800" }, { "status": "affected", "version": "FastConnect 6900" }, { "status": "affected", "version": "FastConnect 7800" }, { "status": "affected", "version": "Flight RB5 5G Platform" }, { "status": "affected", "version": "Immersive Home 214 Platform" }, { "status": "affected", "version": "Immersive Home 216 Platform" }, { "status": "affected", "version": "Immersive Home 316 Platform" }, { "status": "affected", "version": "Immersive Home 318 Platform" }, { "status": "affected", "version": "IPQ4018" }, { "status": "affected", "version": "IPQ4019" }, { "status": "affected", "version": "IPQ4028" }, { "status": "affected", "version": "IPQ4029" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6428" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6438" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6678AQ" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA6698AQ" }, { "status": "affected", "version": "QCA7500" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9880" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9898" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCM4490" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5064" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN5550" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS4490" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCS8250" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "Qualcomm Robotics RB5 Platform" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 455" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SM4450" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "Snapdragon 4 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 480 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)" }, { "status": "affected", "version": "Snapdragon 630 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 636 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 660 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 690 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 695 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 750G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)" }, { "status": "affected", "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)" }, { "status": "affected", "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)" }, { "status": "affected", "version": "Snapdragon 778G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)" }, { "status": "affected", "version": "Snapdragon 780G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 782G Mobile Platform (SM7325-AF)" }, { "status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute" }, { "status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 8+ Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 835 Mobile PC Platform" }, { "status": "affected", "version": "Snapdragon 865 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)" }, { "status": "affected", "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)" }, { "status": "affected", "version": "Snapdragon 888 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)" }, { "status": "affected", "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\"" }, { "status": "affected", "version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\"" }, { "status": "affected", "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)" }, { "status": "affected", "version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\"" }, { "status": "affected", "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\"" }, { "status": "affected", "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)" }, { "status": "affected", "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)" }, { "status": "affected", "version": "Snapdragon AR2 Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon Auto 5G Modem-RF" }, { "status": "affected", "version": "Snapdragon W5+ Gen 1 Wearable Platform" }, { "status": "affected", "version": "Snapdragon X55 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X65 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon XR2 5G Platform" }, { "status": "affected", "version": "Snapdragon XR2+ Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon Auto 4G Modem" }, { "status": "affected", "version": "SSG2115P" }, { "status": "affected", "version": "SSG2125P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR1230P" }, { "status": "affected", "version": "SXR2130" }, { "status": "affected", "version": "SXR2230P" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8832" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:22:17.450Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN HAL" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-28549", "datePublished": "2023-09-05T06:24:11.272Z", "dateReserved": "2023-03-17T11:41:45.846Z", "dateUpdated": "2024-08-02T13:43:22.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40137
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:39
Severity ?
EPSS score ?
Summary
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40137", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:39:47.773324Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:39:59.719Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple functions of DialogFillUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:59.038Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40137", "datePublished": "2023-10-27T20:22:59.038Z", "dateReserved": "2023-08-09T02:29:36.075Z", "dateUpdated": "2024-09-09T19:39:59.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40138
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:39
Severity ?
EPSS score ?
Summary
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40138", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:39:19.419649Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:39:28.100Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In FillUi of FillUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:59.315Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40138", "datePublished": "2023-10-27T20:22:59.315Z", "dateReserved": "2023-08-09T02:29:36.075Z", "dateUpdated": "2024-09-09T19:39:28.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28584
Vulnerability from cvelistv5
Published
2023-09-05 06:24
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: AQT1000 Version: CSRB31024 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6900 Version: FastConnect 7800 Version: QAM8255P Version: QAM8295P Version: QCA6310 Version: QCA6320 Version: QCA6420 Version: QCA6430 Version: QCA6554A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCM4325 Version: QCM4490 Version: QCS410 Version: QCS4490 Version: QCS610 Version: QCS8550 Version: SA4150P Version: SA6155P Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SD 8 Gen1 5G Version: SD835 Version: SD855 Version: SG4150P Version: SM4450 Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 835 Mobile PC Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon Auto 4G Modem Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2230P Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:23.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "FastConnect 6200" }, { "status": "affected", "version": "FastConnect 6700" }, { "status": "affected", "version": "FastConnect 6900" }, { "status": "affected", "version": "FastConnect 7800" }, { "status": "affected", "version": "QAM8255P" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA6698AQ" }, { "status": "affected", "version": "QCA6797AQ" }, { "status": "affected", "version": "QCM4325" }, { "status": "affected", "version": "QCM4490" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4490" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS8550" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8255P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SG4150P" }, { "status": "affected", "version": "SM4450" }, { "status": "affected", "version": "Snapdragon 680 4G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)" }, { "status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 8+ Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 835 Mobile PC Platform" }, { "status": "affected", "version": "Snapdragon 855 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)" }, { "status": "affected", "version": "Snapdragon AR2 Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon Auto 5G Modem-RF" }, { "status": "affected", "version": "Snapdragon Auto 4G Modem" }, { "status": "affected", "version": "SSG2115P" }, { "status": "affected", "version": "SSG2125P" }, { "status": "affected", "version": "SXR1230P" }, { "status": "affected", "version": "SXR2230P" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8832" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:22:59.118Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Improper Authorization in WLAN Host" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-28584", "datePublished": "2023-09-05T06:24:27.838Z", "dateReserved": "2023-03-17T11:41:45.852Z", "dateUpdated": "2024-08-02T13:43:23.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40129
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 14:41
Severity ?
EPSS score ?
Summary
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151aa3ba76c785b32c7f9d16c98febe53017b1" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "12.0" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-40129", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T14:37:30.229093Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T14:41:13.584Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" } ] } ], "descriptions": [ { "lang": "en", "value": "In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:57.693Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151aa3ba76c785b32c7f9d16c98febe53017b1" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40129", "datePublished": "2023-10-27T20:22:57.693Z", "dateReserved": "2023-08-09T02:29:33.869Z", "dateUpdated": "2024-09-09T14:41:13.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30692
Vulnerability from cvelistv5
Published
2023-10-04 03:02
Modified
2024-09-19 19:37
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Samsung Mobile | Samsung Mobile Devices | |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30692", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T19:37:40.989137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T19:37:50.672Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Oct-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-20 Improper Input Validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-04T03:02:14.369Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30692", "datePublished": "2023-10-04T03:02:14.369Z", "dateReserved": "2023-04-14T01:59:51.126Z", "dateUpdated": "2024-09-19T19:37:50.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30731
Vulnerability from cvelistv5
Published
2023-10-04 03:02
Modified
2024-09-19 19:36
Severity ?
EPSS score ?
Summary
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Samsung Mobile | Samsung Mobile Devices | |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30731", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T19:36:27.433110Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T19:36:40.943Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Oct-2023 Release in Android 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-20 Improper Input Validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-04T03:02:44.271Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30731", "datePublished": "2023-10-04T03:02:44.271Z", "dateReserved": "2023-04-14T01:59:51.138Z", "dateUpdated": "2024-09-19T19:36:40.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40116
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-08-02 18:24
Severity ?
EPSS score ?
Summary
In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:56.201Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40116", "datePublished": "2023-10-27T20:22:56.201Z", "dateReserved": "2023-08-09T02:29:31.890Z", "dateUpdated": "2024-08-02T18:24:55.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28573
Vulnerability from cvelistv5
Published
2023-09-05 06:24
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
Memory corruption in WLAN HAL while parsing WMI command parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: AQT1000 Version: AR8035 Version: AR9380 Version: CSR8811 Version: CSRB31024 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: Flight RB5 5G Platform Version: Immersive Home 214 Platform Version: Immersive Home 216 Platform Version: Immersive Home 316 Platform Version: Immersive Home 318 Platform Version: IPQ5010 Version: IPQ5028 Version: IPQ6000 Version: IPQ6010 Version: IPQ6018 Version: IPQ6028 Version: IPQ8064 Version: IPQ8065 Version: IPQ8068 Version: IPQ8070 Version: IPQ8070A Version: IPQ8071 Version: IPQ8071A Version: IPQ8072 Version: IPQ8072A Version: IPQ8074 Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: IPQ9008 Version: IPQ9574 Version: PMP8074 Version: QAM8255P Version: QAM8295P Version: QCA1062 Version: QCA1064 Version: QCA2062 Version: QCA2064 Version: QCA2065 Version: QCA2066 Version: QCA4024 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6554A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8072 Version: QCA8075 Version: QCA8081 Version: QCA8082 Version: QCA8084 Version: QCA8085 Version: QCA8337 Version: QCA8386 Version: QCA9886 Version: QCA9888 Version: QCA9889 Version: QCA9980 Version: QCA9984 Version: QCA9985 Version: QCA9986 Version: QCA9990 Version: QCA9992 Version: QCA9994 Version: QCM4490 Version: QCM6490 Version: QCN5021 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5054 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN6023 Version: QCN6024 Version: QCN6100 Version: QCN6102 Version: QCN6112 Version: QCN6122 Version: QCN6132 Version: QCN9000 Version: QCN9001 Version: QCN9002 Version: QCN9003 Version: QCN9011 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 Version: QCS4490 Version: QCS6490 Version: QCS8250 Version: QCS8550 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: QSM8350 Version: Robotics RB5 Platform Version: SA4150P Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SC8180X+SDX55 Version: SD 8 Gen1 5G Version: SD865 5G Version: SD888 Version: SDX55 Version: SM7315 Version: SM7325P Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Version: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Version: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Version: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Version: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Version: Snapdragon AR2 Gen 1 Platform Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon XR2 5G Platform Version: Snapdragon XR2+ Gen 1 Platform Version: Snapdragon Auto 4G Modem Version: SSG2115P Version: SSG2125P Version: SXR1230P Version: SXR2130 Version: SXR2230P Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3950 Version: WCN3980 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:22.725Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer Electronics Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "315 5G IoT Modem" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "AR9380" }, { "status": "affected", "version": "CSR8811" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "FastConnect 6200" }, { "status": "affected", "version": "FastConnect 6700" }, { "status": "affected", "version": "FastConnect 6800" }, { "status": "affected", "version": "FastConnect 6900" }, { "status": "affected", "version": "FastConnect 7800" }, { "status": "affected", "version": "Flight RB5 5G Platform" }, { "status": "affected", "version": "Immersive Home 214 Platform" }, { "status": "affected", "version": "Immersive Home 216 Platform" }, { "status": "affected", "version": "Immersive Home 316 Platform" }, { "status": "affected", "version": "Immersive Home 318 Platform" }, { "status": "affected", "version": "IPQ5010" }, { "status": "affected", "version": "IPQ5028" }, { "status": "affected", "version": "IPQ6000" }, { "status": "affected", "version": "IPQ6010" }, { "status": "affected", "version": "IPQ6018" }, { "status": "affected", "version": "IPQ6028" }, { "status": "affected", "version": "IPQ8064" }, { "status": "affected", "version": "IPQ8065" }, { "status": "affected", "version": "IPQ8068" }, { "status": "affected", "version": "IPQ8070" }, { "status": "affected", "version": "IPQ8070A" }, { "status": "affected", "version": "IPQ8071" }, { "status": "affected", "version": "IPQ8071A" }, { "status": "affected", "version": "IPQ8072" }, { "status": "affected", "version": "IPQ8072A" }, { "status": "affected", "version": "IPQ8074" }, { "status": "affected", "version": "IPQ8074A" }, { "status": "affected", "version": "IPQ8076" }, { "status": "affected", "version": "IPQ8076A" }, { "status": "affected", "version": "IPQ8078" }, { "status": "affected", "version": "IPQ8078A" }, { "status": "affected", "version": "IPQ8173" }, { "status": "affected", "version": "IPQ8174" }, { "status": "affected", "version": "IPQ9008" }, { "status": "affected", "version": "IPQ9574" }, { "status": "affected", "version": "PMP8074" }, { "status": "affected", "version": "QAM8255P" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA1062" }, { "status": "affected", "version": "QCA1064" }, { "status": "affected", "version": "QCA2062" }, { "status": "affected", "version": "QCA2064" }, { "status": "affected", "version": "QCA2065" }, { "status": "affected", "version": "QCA2066" }, { "status": "affected", "version": "QCA4024" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6554A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6678AQ" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA6698AQ" }, { "status": "affected", "version": "QCA6797AQ" }, { "status": "affected", "version": "QCA8072" }, { "status": "affected", "version": "QCA8075" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8082" }, { "status": "affected", "version": "QCA8084" }, { "status": "affected", "version": "QCA8085" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA8386" }, { "status": "affected", "version": "QCA9886" }, { "status": "affected", "version": "QCA9888" }, { "status": "affected", "version": "QCA9889" }, { "status": "affected", "version": "QCA9980" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCA9985" }, { "status": "affected", "version": "QCA9986" }, { "status": "affected", "version": "QCA9990" }, { "status": "affected", "version": "QCA9992" }, { "status": "affected", "version": "QCA9994" }, { "status": "affected", "version": "QCM4490" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN5021" }, { "status": "affected", "version": "QCN5022" }, { "status": "affected", "version": "QCN5024" }, { "status": "affected", "version": "QCN5052" }, { "status": "affected", "version": "QCN5054" }, { "status": "affected", "version": "QCN5122" }, { "status": "affected", "version": "QCN5124" }, { "status": "affected", "version": "QCN5152" }, { "status": "affected", "version": "QCN5154" }, { "status": "affected", "version": "QCN5164" }, { "status": "affected", "version": "QCN6023" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN6100" }, { "status": "affected", "version": "QCN6102" }, { "status": "affected", "version": "QCN6112" }, { "status": "affected", "version": "QCN6122" }, { "status": "affected", "version": "QCN6132" }, { "status": "affected", "version": "QCN9000" }, { "status": "affected", "version": "QCN9001" }, { "status": "affected", "version": "QCN9002" }, { "status": "affected", "version": "QCN9003" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9022" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9070" }, { "status": "affected", "version": "QCN9072" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCN9100" }, { "status": "affected", "version": "QCN9274" }, { "status": "affected", "version": "QCS4490" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCS8250" }, { "status": "affected", "version": "QCS8550" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "Robotics RB5 Platform" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8255P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "Snapdragon 778G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)" }, { "status": "affected", "version": "Snapdragon 780G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 782G Mobile Platform (SM7325-AF)" }, { "status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute" }, { "status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 8+ Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)" }, { "status": "affected", "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)" }, { "status": "affected", "version": "Snapdragon 888 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)" }, { "status": "affected", "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\"" }, { "status": "affected", "version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\"" }, { "status": "affected", "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)" }, { "status": "affected", "version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\"" }, { "status": "affected", "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\"" }, { "status": "affected", "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)" }, { "status": "affected", "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)" }, { "status": "affected", "version": "Snapdragon AR2 Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon Auto 5G Modem-RF" }, { "status": "affected", "version": "Snapdragon X55 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X65 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon XR2 5G Platform" }, { "status": "affected", "version": "Snapdragon XR2+ Gen 1 Platform" }, { "status": "affected", "version": "Snapdragon Auto 4G Modem" }, { "status": "affected", "version": "SSG2115P" }, { "status": "affected", "version": "SSG2125P" }, { "status": "affected", "version": "SXR1230P" }, { "status": "affected", "version": "SXR2130" }, { "status": "affected", "version": "SXR2230P" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8832" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in WLAN HAL while parsing WMI command parameters." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:22:52.225Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Improper Validation of Array Index in WLAN HAL" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-28573", "datePublished": "2023-09-05T06:24:25.110Z", "dateReserved": "2023-03-17T11:41:45.850Z", "dateUpdated": "2024-08-02T13:43:22.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-33021
Vulnerability from cvelistv5
Published
2023-09-05 06:24
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
Memory corruption in Graphics while processing user packets for command submission.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Qualcomm, Inc. | Snapdragon |
Version: APQ8064AU Version: AQT1000 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: Flight RB5 5G Platform Version: Home Hub 100 Platform Version: MDM9650 Version: MSM8996AU Version: QAM8255P Version: QAM8295P Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA6698AQ Version: QCA6797AQ Version: QCA8081 Version: QCA8337 Version: QCA9377 Version: QCA9379 Version: QCM4325 Version: QCM6490 Version: QCN6024 Version: QCN9011 Version: QCN9012 Version: QCN9024 Version: QCS410 Version: QCS610 Version: QCS6490 Version: QRB5165M Version: QRB5165N Version: Robotics RB5 Platform Version: SA4150P Version: SA4155P Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8255P Version: SA8295P Version: SD 675 Version: SD626 Version: SD660 Version: SD670 Version: SD675 Version: SD730 Version: SD835 Version: SD855 Version: SD865 5G Version: SD888 Version: SDX55 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: Smart Audio 200 Platform Version: Smart Audio 400 Platform Version: Smart Display 200 Platform (APQ5053-AA) Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 429 Mobile Platform Version: Snapdragon 439 Mobile Platform Version: Snapdragon 450 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 625 Mobile Platform Version: Snapdragon 626 Mobile Platform Version: Snapdragon 630 Mobile Platform Version: Snapdragon 632 Mobile Platform Version: Snapdragon 636 Mobile Platform Version: Snapdragon 660 Mobile Platform Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 710 Mobile Platform Version: Snapdragon 720G Mobile Platform Version: Snapdragon 730 Mobile Platform (SM7150-AA) Version: Snapdragon 730G Mobile Platform (SM7150-AB) Version: Snapdragon 732G Mobile Platform (SM7150-AC) Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 820 Automotive Platform Version: Snapdragon 835 Mobile PC Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon X12 LTE Modem Version: Snapdragon X24 LTE Modem Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon XR1 Platform Version: Snapdragon XR2 5G Platform Version: SW5100 Version: SW5100P Version: SXR1120 Version: SXR2130 Version: Vision Intelligence 100 Platform (APQ8053-AA) Version: Vision Intelligence 200 Platform (APQ8053-AC) Version: WCD9326 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3660 Version: WCN3660B Version: WCN3680B Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:32:46.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8064AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "FastConnect 6200" }, { "status": "affected", "version": "FastConnect 6700" }, { "status": "affected", "version": "FastConnect 6800" }, { "status": "affected", "version": "FastConnect 6900" }, { "status": "affected", "version": "FastConnect 7800" }, { "status": "affected", "version": "Flight RB5 5G Platform" }, { "status": "affected", "version": "Home Hub 100 Platform" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "QAM8255P" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA6698AQ" }, { "status": "affected", "version": "QCA6797AQ" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCM4325" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "Robotics RB5 Platform" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA4155P" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8255P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "Smart Audio 200 Platform" }, { "status": "affected", "version": "Smart Audio 400 Platform" }, { "status": "affected", "version": "Smart Display 200 Platform (APQ5053-AA)" }, { "status": "affected", "version": "Snapdragon 4 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 429 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 439 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 450 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 480 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)" }, { "status": "affected", "version": "Snapdragon 625 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 626 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 630 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 632 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 636 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 660 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 670 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 675 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 678 Mobile Platform (SM6150-AC)" }, { "status": "affected", "version": "Snapdragon 680 4G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)" }, { "status": "affected", "version": "Snapdragon 690 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 695 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 710 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 720G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 730 Mobile Platform (SM7150-AA)" }, { "status": "affected", "version": "Snapdragon 730G Mobile Platform (SM7150-AB)" }, { "status": "affected", "version": "Snapdragon 732G Mobile Platform (SM7150-AC)" }, { "status": "affected", "version": "Snapdragon 750G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)" }, { "status": "affected", "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)" }, { "status": "affected", "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)" }, { "status": "affected", "version": "Snapdragon 778G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)" }, { "status": "affected", "version": "Snapdragon 780G 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 782G Mobile Platform (SM7325-AF)" }, { "status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute" }, { "status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 820 Automotive Platform" }, { "status": "affected", "version": "Snapdragon 835 Mobile PC Platform" }, { "status": "affected", "version": "Snapdragon 855 Mobile Platform" }, { "status": "affected", "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)" }, { "status": "affected", "version": "Snapdragon 865 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)" }, { "status": "affected", "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)" }, { "status": "affected", "version": "Snapdragon 888 5G Mobile Platform" }, { "status": "affected", "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)" }, { "status": "affected", "version": "Snapdragon Auto 5G Modem-RF" }, { "status": "affected", "version": "Snapdragon W5+ Gen 1 Wearable Platform" }, { "status": "affected", "version": "Snapdragon X12 LTE Modem" }, { "status": "affected", "version": "Snapdragon X24 LTE Modem" }, { "status": "affected", "version": "Snapdragon X50 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X55 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon X65 5G Modem-RF System" }, { "status": "affected", "version": "Snapdragon XR1 Platform" }, { "status": "affected", "version": "Snapdragon XR2 5G Platform" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR1120" }, { "status": "affected", "version": "SXR2130" }, { "status": "affected", "version": "Vision Intelligence 100 Platform (APQ8053-AA)" }, { "status": "affected", "version": "Vision Intelligence 200 Platform (APQ8053-AC)" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3660" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption in Graphics while processing user packets for command submission." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:23:16.342Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin" } ], "title": "Use After Free in Graphics" } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-33021", "datePublished": "2023-09-05T06:24:34.185Z", "dateReserved": "2023-05-17T09:28:53.120Z", "dateUpdated": "2024-08-02T15:32:46.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21266
Vulnerability from cvelistv5
Published
2023-10-06 18:48
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:28:26.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2024-06-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T20:09:14.813Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0" }, { "url": "https://source.android.com/security/bulletin/2024-06-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21266", "datePublished": "2023-10-06T18:48:40.618Z", "dateReserved": "2022-11-03T22:37:50.653Z", "dateUpdated": "2024-08-02T09:28:26.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21252
Vulnerability from cvelistv5
Published
2023-10-06 18:48
Modified
2024-09-19 16:10
Severity ?
EPSS score ?
Summary
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:28:26.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/044ab0684153c4effb9f4fda47df43ccdc77bda8" }, { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/50b08ee30e04d185e5ae97a5f717d436fd5a90f3" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21252", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T16:09:29.128777Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T16:10:21.568Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:54.808Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/044ab0684153c4effb9f4fda47df43ccdc77bda8" }, { "url": "https://android.googlesource.com/platform/packages/modules/Wifi/+/50b08ee30e04d185e5ae97a5f717d436fd5a90f3" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21252", "datePublished": "2023-10-06T18:48:40.232Z", "dateReserved": "2022-11-03T22:37:50.652Z", "dateUpdated": "2024-09-19T16:10:21.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40134
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:41
Severity ?
EPSS score ?
Summary
In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40134", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:41:29.059431Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:41:38.400Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" } ] } ], "descriptions": [ { "lang": "en", "value": "In isFullScreen of FillUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:58.463Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40134", "datePublished": "2023-10-27T20:22:58.463Z", "dateReserved": "2023-08-09T02:29:36.075Z", "dateUpdated": "2024-09-09T19:41:38.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30727
Vulnerability from cvelistv5
Published
2023-10-04 03:02
Modified
2024-09-19 19:37
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Samsung Mobile | Samsung Mobile Devices | |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30727", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T19:37:03.778267Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T19:37:18.984Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Oct-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-20 Improper Input Validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-04T03:02:43.232Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=10" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30727", "datePublished": "2023-10-04T03:02:43.232Z", "dateReserved": "2023-04-14T01:59:51.138Z", "dateUpdated": "2024-09-19T19:37:18.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40120
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-08-02 18:24
Severity ?
EPSS score ?
Summary
In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:56.553Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40120", "datePublished": "2023-10-27T20:22:56.553Z", "dateReserved": "2023-08-09T02:29:31.894Z", "dateUpdated": "2024-08-02T18:24:55.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40139
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:38
Severity ?
EPSS score ?
Summary
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40139", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:38:49.780178Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:38:59.837Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In FillUi of FillUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:59.503Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40139", "datePublished": "2023-10-27T20:22:59.503Z", "dateReserved": "2023-08-09T02:29:36.075Z", "dateUpdated": "2024-09-09T19:38:59.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40136
Vulnerability from cvelistv5
Published
2023-10-27 20:22
Modified
2024-09-09 19:40
Severity ?
EPSS score ?
Summary
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-10-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40136", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:40:18.831586Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:40:31.470Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In setHeader of DialogFillUi.java, there is a possible way to view another user\u0027s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-27T20:22:58.825Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33" }, { "url": "https://source.android.com/security/bulletin/2023-10-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40136", "datePublished": "2023-10-27T20:22:58.825Z", "dateReserved": "2023-08-09T02:29:36.075Z", "dateUpdated": "2024-09-09T19:40:31.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.