SB2023070318 - Multiple vulnerabilities in Qualcomm chipsets

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023070318

SB2023070318 - Multiple vulnerabilities in Qualcomm chipsets

Published: July 3, 2023

Security Bulletin ID SB2023070318
Severity
Medium
Patch available
YES
Number of vulnerabilities 18
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 11% Low 89%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 18 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2023-21640)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Linux. A local privileged application can execute arbitrary code.


2) Buffer over-read (CVE-ID: CVE-2023-28542)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN HOST. A local application can execute arbitrary code.


3) Buffer over-read (CVE-ID: CVE-2023-28541)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN Host. A local application can execute arbitrary code.


4) Stack-based buffer overflow (CVE-ID: CVE-2023-24854)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN HOST. A local application can execute arbitrary code.


5) Use After Free (CVE-ID: CVE-2023-21672)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.


6) Integer overflow (CVE-ID: CVE-2023-22667)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.


7) Double Free (CVE-ID: CVE-2023-21629)

The vulnerability allows a local attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Modem. A local attacker can execute arbitrary code.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-21641)

The vulnerability allows a local application to read, manipulate or delete data.

The vulnerability exists due to improper input validation in Display. A local application can read, manipulate or delete data.


9) Buffer overflow (CVE-ID: CVE-2023-21639)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


10) Improper input validation (CVE-ID: CVE-2023-21631)

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to improper input validation in Modem. A remote attacker can manipulate data.


11) Type conversion (CVE-ID: CVE-2023-21638)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Video. A local privileged application can execute arbitrary code.


12) Memory corruption (CVE-ID: CVE-2023-21637)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Linux. A local privileged application can execute arbitrary code.


13) Buffer overflow (CVE-ID: CVE-2023-21635)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A local privileged application can execute arbitrary code.


14) Memory corruption (CVE-ID: CVE-2023-21633)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Linux. A local privileged application can execute arbitrary code.


15) Information exposure (CVE-ID: CVE-2023-21624)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation in DSP Services. A local application can gain access to sensitive information.


16) Buffer overflow (CVE-ID: CVE-2023-24851)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN HOST. A local application can execute arbitrary code.


17) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2023-22387)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Qualcomm IPC. A local application can execute arbitrary code.


18) Buffer overflow (CVE-ID: CVE-2023-22386)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN HOST. A local application can execute arbitrary code.


Remediation

Install update from vendor's website.

References