ID

VAR-202310-2416


CVE

CVE-2023-28571


TITLE

Out-of-bounds read vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2023-013608

DESCRIPTION

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. APQ8064AU firmware, CSRB31024 firmware, QCA6390 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2023-28571 // JVNDB: JVNDB-2023-013608

AFFECTED PRODUCTS

vendor:qualcommmodel:qca6431scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3990scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8255pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9395scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcc2073scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6797aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6426scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon auto 4g modemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6320scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon auto 5g modem-rfscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn785x-1scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8064auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3980scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8840scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:video collaboration vc3 platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcc2076scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sw5100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250-abscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6554ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn685x-5scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250-acscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn785x-5scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:s820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6310scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9385scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6421scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6698aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3988scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8830scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd865 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn685x-1scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8255pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8195pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6391scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9340scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3950scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 8\+ gen 2 mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6678aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x55 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6175ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 8 gen 2 mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8550pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:video collaboration vc1 platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon w5\+ gen 1 wearable platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon xr2 5g platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8845hscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csrb31024scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6696scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6436scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9341scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sw5100pscope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:wcn685x-1scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csrb31024scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6175ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6391scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6426scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8255pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8295pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6436scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6431scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6310scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:wcn785x-5scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:wcn785x-1scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8064auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6421scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6320scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:wcn685x-5scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6554ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6390scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-013608 // NVD: CVE-2023-28571

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-28571
value: MEDIUM

Trust: 1.0

product-security@qualcomm.com: CVE-2023-28571
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-28571
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-28571
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2023-28571
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2023-28571
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-013608 // NVD: CVE-2023-28571 // NVD: CVE-2023-28571

PROBLEMTYPE DATA

problemtype:CWE-126

Trust: 1.0

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-013608 // NVD: CVE-2023-28571

EXTERNAL IDS

db:NVDid:CVE-2023-28571

Trust: 2.6

db:JVNDBid:JVNDB-2023-013608

Trust: 0.8

sources: JVNDB: JVNDB-2023-013608 // NVD: CVE-2023-28571

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-28571

Trust: 0.8

sources: JVNDB: JVNDB-2023-013608 // NVD: CVE-2023-28571

SOURCES

db:JVNDBid:JVNDB-2023-013608
db:NVDid:CVE-2023-28571

LAST UPDATE DATE

2024-08-14T15:00:02.341000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-013608date:2023-12-21T04:34:00
db:NVDid:CVE-2023-28571date:2024-04-12T17:17:10.120

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-013608date:2023-12-21T00:00:00
db:NVDid:CVE-2023-28571date:2023-10-03T06:15:24.657