Details of VAR-202310-2661

ID

VAR-202310-2661

CVE

CVE-2023-22382

TITLE

Vulnerabilities in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2023-013621

DESCRIPTION

Weak configuration in Automotive while VM is processing a listener request from TEE. APQ8064AU firmware, MSM8996AU firmware, QAM8295P Unspecified vulnerabilities exist in multiple Qualcomm products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-22382 // JVNDB: JVNDB-2023-013621

AFFECTED PRODUCTS

vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6698aq	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8064au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qamsrv1h	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8295p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	srv1h	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8650p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8540p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8295p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa9000p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8650p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 820 automotive platform	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	qca6584au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6595au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6150p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qam8650p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6564au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6564a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qam8295p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6595	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6696	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa8145p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6155	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8064au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qamsrv1h	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6698aq	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6155p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6574a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa8150p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6145p	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-22382
value:	HIGH
Trust: 1.0
product-security@qualcomm.com:	CVE-2023-22382
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-22382
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-22382
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
product-security@qualcomm.com:	CVE-2023-22382
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	0.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2023-22382
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382 // NVD: CVE-2023-22382

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382

EXTERNAL IDS

db:	NVD	id:	CVE-2023-22382	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-013621	Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-22382	Trust: 0.8

sources: JVNDB: JVNDB-2023-013621 // NVD: CVE-2023-22382

SOURCES

db:	JVNDB	id:	JVNDB-2023-013621
db:	NVD	id:	CVE-2023-22382

LAST UPDATE DATE

2024-08-14T13:52:09.058000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-013621	date:	2023-12-21T04:45:00
db:	NVD	id:	CVE-2023-22382	date:	2024-04-12T17:16:52.737

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-013621	date:	2023-12-21T00:00:00
db:	NVD	id:	CVE-2023-22382	date:	2023-10-03T06:15:18.617