ID

VAR-202310-2661


CVE

CVE-2023-22382


TITLE

Vulnerabilities in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2023-013621

DESCRIPTION

Weak configuration in Automotive while VM is processing a listener request from TEE. APQ8064AU firmware, MSM8996AU firmware, QAM8295P Unspecified vulnerabilities exist in multiple Qualcomm products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-22382 // JVNDB: JVNDB-2023-013621

AFFECTED PRODUCTS

vendor:qualcommmodel:qca6595auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6698aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8064auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qamsrv1hscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:srv1hscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8650pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8540pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa9000pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8195pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8650pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 820 automotive platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6696scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:qca6584auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6595auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa6150pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8650pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6564auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6564ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8295pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6595scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6696scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8145pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa6155scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8064auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qamsrv1hscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6698aqscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa6155pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8150pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa6145pscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-22382
value: HIGH

Trust: 1.0

product-security@qualcomm.com: CVE-2023-22382
value: HIGH

Trust: 1.0

NVD: CVE-2023-22382
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-22382
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2023-22382
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-22382
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382 // NVD: CVE-2023-22382

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382

EXTERNAL IDS

db:NVDid:CVE-2023-22382

Trust: 2.6

db:JVNDBid:JVNDB-2023-013621

Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-22382

Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382

SOURCES

db:JVNDBid:JVNDB-2023-013621
db:NVDid:CVE-2023-22382

LAST UPDATE DATE

2024-08-14T13:52:09.058000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-013621date:2023-12-21T04:45:00
db:NVDid:CVE-2023-22382date:2024-04-12T17:16:52.737

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-013621date:2023-12-21T00:00:00
db:NVDid:CVE-2023-22382date:2023-10-03T06:15:18.617