Sign-up

ID

VAR-202402-1418


CVE

CVE-2023-33067


TITLE

Out-of-bounds write vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2023-025855

DESCRIPTION

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. 9206 lte modem firmware, AQT1000 firmware, AR8035 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-33067 // JVNDB: JVNDB-2023-025855

AFFECTED PRODUCTS

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6224scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3990scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x5 lte modemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8255pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:srv1hscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8650pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6426scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8770pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 6800scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 835 mobile pc platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon wear 4100\+ platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa9000pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:srv1mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9330scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6320scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 820 automotive platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 865 5g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7315scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ar8035scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 778g\+ 5g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 6900scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 865\+ 5g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 6700scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3980scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6740scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9367scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcc710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:video collaboration vc3 platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6420scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd888scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon auto 5g modem-rf gen 2scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6310scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9385scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfw7124scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smart audio 200 platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 778g 5g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 7800scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6698aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x75 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qamsrv1hscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 429 mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 782g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9375scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8830scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd865 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8775pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:aqt1000scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 888 5g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 1200 wearable platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8255pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8195pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8650pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 780g 5g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6391scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9340scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3950scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8775pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x55 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9628scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7325pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:9206 lte modemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 6200scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 888\+ 5g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3660bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 7c\+ gen 3 computescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qamsrv1mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:video collaboration vc1 platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 870 5g mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8337scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6274scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 855 mobile platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon xr2 5g platformscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:c-v2x 9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6696scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6436scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfw7114scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9341scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 855\+\/860 mobile platformscope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:qca6320scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:c-v2x 9150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:aqt1000scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8255pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:9206 lte modemscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6900scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qamsrv1mscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qamsrv1hscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9628scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6800scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 7800scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6700scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6200scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8295pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ar8035scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6310scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8775pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8650pscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-025855 // NVD: CVE-2023-33067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-33067
value: HIGH

Trust: 1.0

product-security@qualcomm.com: CVE-2023-33067
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-33067
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-33067
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2023-33067
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-33067
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-025855 // NVD: CVE-2023-33067 // NVD: CVE-2023-33067

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-025855 // NVD: CVE-2023-33067

EXTERNAL IDS

db:NVDid:CVE-2023-33067

Trust: 2.6

db:JVNDBid:JVNDB-2023-025855

Trust: 0.8

sources: JVNDB: JVNDB-2023-025855 // NVD: CVE-2023-33067

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-33067

Trust: 0.8

sources: JVNDB: JVNDB-2023-025855 // NVD: CVE-2023-33067

SOURCES

db:JVNDBid:JVNDB-2023-025855
db:NVDid:CVE-2023-33067

LAST UPDATE DATE

2024-08-14T15:41:19.816000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-025855date:2024-02-13T01:21:00
db:NVDid:CVE-2023-33067date:2024-02-08T22:18:01.073

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-025855date:2024-02-13T00:00:00
db:NVDid:CVE-2023-33067date:2024-02-06T06:16:00.117