#VU87922 Improper input validation in Qualcomm products - CVE-2023-33100

Vulnerability identifier: #VU87922

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-33100

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AR8035
Mobile applications / Mobile firmware & hardware
FastConnect 6700
Mobile applications / Mobile firmware & hardware
FastConnect 6900
Mobile applications / Mobile firmware & hardware
FastConnect 7800
Mobile applications / Mobile firmware & hardware
QCA6584AU
Mobile applications / Mobile firmware & hardware
QCA6698AQ
Mobile applications / Mobile firmware & hardware
QCA8081
Mobile applications / Mobile firmware & hardware
QCA8337
Mobile applications / Mobile firmware & hardware
QCC710
Mobile applications / Mobile firmware & hardware
QCM4490
Mobile applications / Mobile firmware & hardware
QCM8550
Mobile applications / Mobile firmware & hardware
QCN6024
Mobile applications / Mobile firmware & hardware
QCN6224
Mobile applications / Mobile firmware & hardware
QCN6274
Mobile applications / Mobile firmware & hardware
QCN9024
Mobile applications / Mobile firmware & hardware
QCS4490
Mobile applications / Mobile firmware & hardware
QCS8550
Mobile applications / Mobile firmware & hardware
QEP8111
Mobile applications / Mobile firmware & hardware
QFW7114
Mobile applications / Mobile firmware & hardware
QFW7124
Mobile applications / Mobile firmware & hardware
SG8275P
Mobile applications / Mobile firmware & hardware
SM8550P
Mobile applications / Mobile firmware & hardware
Snapdragon 4 Gen 2 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8 Gen 1 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8 Gen 2 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8 Gen 3 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8+ Gen 1 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8+ Gen 2 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon Auto 5G Modem-RF Gen 2
Mobile applications / Mobile firmware & hardware
Snapdragon X35 5G Modem-RF System
Mobile applications / Mobile firmware & hardware
Snapdragon X65 5G Modem-RF System
Mobile applications / Mobile firmware & hardware
Snapdragon X70 Modem-RF System
Mobile applications / Mobile firmware & hardware
Snapdragon X75 5G Modem-RF System
Mobile applications / Mobile firmware & hardware
WCD9340
Mobile applications / Mobile firmware & hardware
WCD9370
Mobile applications / Mobile firmware & hardware
WCD9380
Mobile applications / Mobile firmware & hardware
WCD9385
Mobile applications / Mobile firmware & hardware
WCD9390
Mobile applications / Mobile firmware & hardware
WCD9395
Mobile applications / Mobile firmware & hardware
WCN3950
Mobile applications / Mobile firmware & hardware
WCN3988
Mobile applications / Mobile firmware & hardware
WSA8810
Mobile applications / Mobile firmware & hardware
WSA8815
Mobile applications / Mobile firmware & hardware
WSA8830
Mobile applications / Mobile firmware & hardware
WSA8835
Mobile applications / Mobile firmware & hardware
WSA8840
Mobile applications / Mobile firmware & hardware
WSA8845
Mobile applications / Mobile firmware & hardware
WSA8845H
Mobile applications / Mobile firmware & hardware
QCA6174A
Hardware solutions / Firmware
WSA8832
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Multi-Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

AR8035: All versions

FastConnect 6700: All versions

FastConnect 6900: All versions

FastConnect 7800: All versions

QCA6174A: All versions

QCA6584AU: All versions

QCA6698AQ: All versions

QCA8081: All versions

QCA8337: All versions

QCC710: All versions

QCM4490: All versions

QCM8550: All versions

QCN6024: All versions

QCN6224: All versions

QCN6274: All versions

QCN9024: All versions

QCS4490: All versions

QCS8550: All versions

QEP8111: All versions

QFW7114: All versions

QFW7124: All versions

SG8275P: All versions

SM8550P: All versions

Snapdragon 4 Gen 2 Mobile Platform: All versions

Snapdragon 8 Gen 1 Mobile Platform: All versions

Snapdragon 8 Gen 2 Mobile Platform: All versions

Snapdragon 8 Gen 3 Mobile Platform: All versions

Snapdragon 8+ Gen 1 Mobile Platform: All versions

Snapdragon 8+ Gen 2 Mobile Platform: All versions

Snapdragon Auto 5G Modem-RF Gen 2: All versions

Snapdragon X35 5G Modem-RF System: All versions

Snapdragon X65 5G Modem-RF System: All versions

Snapdragon X70 Modem-RF System: All versions

Snapdragon X75 5G Modem-RF System: All versions

WCD9340: All versions

WCD9370: All versions

WCD9380: All versions

WCD9385: All versions

WCD9390: All versions

WCD9395: All versions

WCN3950: All versions

WCN3988: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8832: All versions

WSA8835: All versions

WSA8840: All versions

WSA8845: All versions

WSA8845H: All versions

---

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.