Details of VAR-202309-2249

ID

VAR-202309-2249

CVE

CVE-2023-33021

TITLE

Use of freed memory vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2023-011777

DESCRIPTION

Memory corruption in Graphics while processing user packets for command submission. APQ8064AU firmware, AQT1000 firmware, AR8035 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-33021 // JVNDB: JVNDB-2023-011777

AFFECTED PRODUCTS

vendor:	qualcomm	model:	qca6431	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3990	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8255p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165n	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 888 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6797aq	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6800	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8295p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x50 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 782g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6320	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7315	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6700	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 690 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon xr2 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6420	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 888\+ 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 765g 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 870 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 480 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6421	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	smart audio 200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 780g 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	aqt1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4325	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6490	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 685 4g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	flight rb5 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	vision intelligence 200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 765 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 860	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x12 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9326	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 626	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8337	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9011	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 730g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6436	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 778g\+ 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr2130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa4150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8295p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 8 gen 1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon xr1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon w5\+ gen 1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6426	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd626	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8035	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x65 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6900	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1120	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8064au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon auto 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6740	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 680 4g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	smart audio 400	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 4 gen 1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sw5100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd888	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa4155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	vision intelligence 100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 7c\+ gen 3	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6310	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9012	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x55 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 7800	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6698aq	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9371	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	home hub 100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8255p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn6024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9340	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6490	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 778g 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7325p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 750g 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 732g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 768g 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 865\+ 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 678	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	smart display 200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 695 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x24 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	robotics rb5	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 480\+ 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 720g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 855\+	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sw5100p	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	fastconnect 6200	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6174a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	home hub 100	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 6700	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 7800	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 6800	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6320	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	aqt1000	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6640	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6391	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 6900	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qam8255p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar8035	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6620	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8064au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qam8295p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	flight rb5 5g	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6310	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-011777 // NVD: CVE-2023-33021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-33021
value:	HIGH
Trust: 1.0
product-security@qualcomm.com:	CVE-2023-33021
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-33021
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-33021
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
product-security@qualcomm.com:	CVE-2023-33021
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-33021
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-011777 // NVD: CVE-2023-33021 // NVD: CVE-2023-33021

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-011777 // NVD: CVE-2023-33021

EXTERNAL IDS

db:	NVD	id:	CVE-2023-33021	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-011777	Trust: 0.8

sources: JVNDB: JVNDB-2023-011777 // NVD: CVE-2023-33021

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-33021	Trust: 0.8

sources: JVNDB: JVNDB-2023-011777 // NVD: CVE-2023-33021

SOURCES

db:	JVNDB	id:	JVNDB-2023-011777
db:	NVD	id:	CVE-2023-33021

LAST UPDATE DATE

2024-08-14T14:43:00.369000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-011777	date:	2023-12-14T05:19:00
db:	NVD	id:	CVE-2023-33021	date:	2024-04-12T17:17:15.697

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-011777	date:	2023-12-14T00:00:00
db:	NVD	id:	CVE-2023-33021	date:	2023-09-05T07:15:14.717