Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-4683-Q5FV-6J3X
Vulnerability from github – Published: 2024-02-06 06:30 – Updated: 2024-02-06 06:30
VLAI
Details
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Severity
6.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-33077"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T06:16:00Z",
"severity": "MODERATE"
},
"details": "Memory corruption in HLOS while converting from authorization token to HIDL vector.",
"id": "GHSA-4683-q5fv-6j3x",
"modified": "2024-02-06T06:30:31Z",
"published": "2024-02-06T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33077"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2023-33077 (GCVE-0-2023-33077)
Vulnerability from cvelistv5 – Published: 2024-02-06 05:47 – Updated: 2024-08-22 20:47
VLAI
EPSS
VEX
Title
Buffer Copy Without Checking Size of Input in HLOS
Summary
Memory corruption in HLOS while converting from authorization token to HIDL vector.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AQT1000
Affected: AR8035 Affected: C-V2X 9150 Affected: FastConnect 6200 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QAM8255P Affected: QAM8295P Affected: QAM8650P Affected: QAM8775P Affected: QAMSRV1H Affected: QAMSRV1M Affected: QCA6310 Affected: QCA6320 Affected: QCA6391 Affected: QCA6420 Affected: QCA6426 Affected: QCA6430 Affected: QCA6436 Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6696 Affected: QCA6698AQ Affected: QCA8081 Affected: QCA8337 Affected: QCC710 Affected: QCN6224 Affected: QCN6274 Affected: QCN9074 Affected: QCS410 Affected: QCS610 Affected: QCS8155 Affected: QFW7114 Affected: QFW7124 Affected: Qualcomm Video Collaboration VC1 Platform Affected: Qualcomm Video Collaboration VC3 Platform Affected: SA4150P Affected: SA4155P Affected: SA6145P Affected: SA6150P Affected: SA6155P Affected: SA8145P Affected: SA8150P Affected: SA8155P Affected: SA8195P Affected: SA8255P Affected: SA8295P Affected: SA8650P Affected: SA8770P Affected: SA8775P Affected: SA9000P Affected: SD670 Affected: SD835 Affected: SD855 Affected: SD865 5G Affected: SDX55 Affected: Snapdragon 670 Mobile Platform Affected: Snapdragon 710 Mobile Platform Affected: Snapdragon 8 Gen 1 Mobile Platform Affected: Snapdragon 835 Mobile PC Platform Affected: Snapdragon 855 Mobile Platform Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Affected: Snapdragon 865 5G Mobile Platform Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC) Affected: Snapdragon Auto 5G Modem-RF Gen 2 Affected: Snapdragon W5+ Gen 1 Wearable Platform Affected: Snapdragon Wear 4100+ Platform Affected: Snapdragon X55 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: Snapdragon XR1 Platform Affected: Snapdragon XR2 5G Platform Affected: SRV1H Affected: SRV1M Affected: SW5100 Affected: SW5100P Affected: SXR1120 Affected: SXR2130 Affected: WCD9326 Affected: WCD9335 Affected: WCD9340 Affected: WCD9341 Affected: WCD9370 Affected: WCD9380 Affected: WCN3610 Affected: WCN3660B Affected: WCN3680B Affected: WCN3950 Affected: WCN3980 Affected: WCN3988 Affected: WCN3990 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8835 |
|
| qualcomm | snapdragon |
Affected:
aqt1000
Affected: ar8035 Affected: c-v2x-9150 Affected: fastconnect_6200 Affected: fastconnect_6800 Affected: fastconnect_6900 Affected: fastconnect7800 Affected: qam8295p Affected: qam8650p Affected: qam8775p Affected: qamsrv1h Affected: qamsrv1m Affected: qca6310 Affected: qca6320 Affected: qca6391 Affected: qca6420 Affected: qca6426 Affected: qca6430 Affected: qca6436 Affected: qca6574au Affected: qca6584au Affected: qca6696 Affected: qca6698aq Affected: qca8081 Affected: qca8337 Affected: qcc710 Affected: qcn6224 Affected: qcn6274 Affected: qcn9074 Affected: qcs410 Affected: qcs610 Affected: qcs8155 Affected: qfw7114 Affected: qfw7124 Affected: qualcomm_video_collaboration_vc3_platform Affected: qualcommm_video_collaboration_vc3_platform Affected: sa4150p Affected: sa4155p Affected: sa6145p Affected: sa6150p Affected: sa6155p Affected: sa8145p Affected: sa8150p Affected: sa8155p Affected: sa8195p Affected: sa8255p Affected: sa8295p Affected: sa8650p Affected: sa8770p Affected: sa8775p Affected: sa9000p Affected: sd670 Affected: sd835 Affected: sd855 Affected: sd865_5g Affected: sdx55 Affected: snapdragon_670_mobile_platform Affected: snapdragon_710_mobile_platform Affected: snapdragon_8_gen_1_mobile_platform Affected: snapdragon_835_mobile_platform Affected: snapdragon_855_mobile_platform Affected: snapdragon_855_plus_5g_mobile_platform\/sm8250-ac\/ Affected: snapdragon_870_5g_moden-rf_gen_2 Affected: snapdragon_auto_5g_moden-rf_gen_2 Affected: snapdragon_w5_plus_gen_1_wearable_platform Affected: snapdragon_wear_4100_plus_platform Affected: snapdragon_x55_5g_moden-rf_system Affected: snapdragon_x75_5g__modem-rf_system Affected: snapdragon_xr1_platform Affected: snapdragon_xr2_5g_platform Affected: srv1h Affected: srv1m Affected: sw5100 Affected: sw5100p Affected: sxr1120 Affected: sxr2130 Affected: wxd9326 Affected: wcd9335 Affected: wcd9340 Affected: wcd9341 Affected: wcd9370 Affected: wcd9380 Affected: wcn3610 Affected: wcn3660b Affected: wcn3680b Affected: wcn3950 Affected: wcn3980 Affected: wcn3988 Affected: wcn3990 Affected: wsa8810 Affected: wsa8815 Affected: wsa8830 Affected: wsa8835 cpe:2.3:h:qualcomm:snapdragon:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:qualcomm:snapdragon:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon",
"vendor": "qualcomm",
"versions": [
{
"status": "affected",
"version": "aqt1000"
},
{
"status": "affected",
"version": "ar8035"
},
{
"status": "affected",
"version": "c-v2x-9150"
},
{
"status": "affected",
"version": "fastconnect_6200"
},
{
"status": "affected",
"version": "fastconnect_6800"
},
{
"status": "affected",
"version": "fastconnect_6900"
},
{
"status": "affected",
"version": "fastconnect7800"
},
{
"status": "affected",
"version": "qam8295p"
},
{
"status": "affected",
"version": "qam8650p"
},
{
"status": "affected",
"version": "qam8775p"
},
{
"status": "affected",
"version": "qamsrv1h"
},
{
"status": "affected",
"version": "qamsrv1m"
},
{
"status": "affected",
"version": "qca6310"
},
{
"status": "affected",
"version": "qca6320"
},
{
"status": "affected",
"version": "qca6391"
},
{
"status": "affected",
"version": "qca6420"
},
{
"status": "affected",
"version": "qca6426"
},
{
"status": "affected",
"version": "qca6430"
},
{
"status": "affected",
"version": "qca6436"
},
{
"status": "affected",
"version": "qca6574au"
},
{
"status": "affected",
"version": "qca6584au"
},
{
"status": "affected",
"version": "qca6696"
},
{
"status": "affected",
"version": "qca6698aq"
},
{
"status": "affected",
"version": "qca8081"
},
{
"status": "affected",
"version": "qca8337"
},
{
"status": "affected",
"version": "qcc710"
},
{
"status": "affected",
"version": "qcn6224"
},
{
"status": "affected",
"version": "qcn6274"
},
{
"status": "affected",
"version": "qcn9074"
},
{
"status": "affected",
"version": "qcs410"
},
{
"status": "affected",
"version": "qcs610"
},
{
"status": "affected",
"version": "qcs8155"
},
{
"status": "affected",
"version": "qfw7114"
},
{
"status": "affected",
"version": "qfw7124"
},
{
"status": "affected",
"version": "qualcomm_video_collaboration_vc3_platform"
},
{
"status": "affected",
"version": "qualcommm_video_collaboration_vc3_platform"
},
{
"status": "affected",
"version": "sa4150p"
},
{
"status": "affected",
"version": "sa4155p"
},
{
"status": "affected",
"version": "sa6145p"
},
{
"status": "affected",
"version": "sa6150p"
},
{
"status": "affected",
"version": "sa6155p"
},
{
"status": "affected",
"version": "sa8145p"
},
{
"status": "affected",
"version": "sa8150p"
},
{
"status": "affected",
"version": "sa8155p"
},
{
"status": "affected",
"version": "sa8195p"
},
{
"status": "affected",
"version": "sa8255p"
},
{
"status": "affected",
"version": "sa8295p"
},
{
"status": "affected",
"version": "sa8650p"
},
{
"status": "affected",
"version": "sa8770p"
},
{
"status": "affected",
"version": "sa8775p"
},
{
"status": "affected",
"version": "sa9000p"
},
{
"status": "affected",
"version": "sd670"
},
{
"status": "affected",
"version": "sd835"
},
{
"status": "affected",
"version": "sd855"
},
{
"status": "affected",
"version": "sd865_5g"
},
{
"status": "affected",
"version": "sdx55"
},
{
"status": "affected",
"version": "snapdragon_670_mobile_platform"
},
{
"status": "affected",
"version": "snapdragon_710_mobile_platform"
},
{
"status": "affected",
"version": "snapdragon_8_gen_1_mobile_platform"
},
{
"status": "affected",
"version": "snapdragon_835_mobile_platform"
},
{
"status": "affected",
"version": "snapdragon_855_mobile_platform"
},
{
"status": "affected",
"version": "snapdragon_855_plus_5g_mobile_platform\\/sm8250-ac\\/"
},
{
"status": "affected",
"version": "snapdragon_870_5g_moden-rf_gen_2"
},
{
"status": "affected",
"version": "snapdragon_auto_5g_moden-rf_gen_2"
},
{
"status": "affected",
"version": "snapdragon_w5_plus_gen_1_wearable_platform"
},
{
"status": "affected",
"version": "snapdragon_wear_4100_plus_platform"
},
{
"status": "affected",
"version": "snapdragon_x55_5g_moden-rf_system"
},
{
"status": "affected",
"version": "snapdragon_x75_5g__modem-rf_system"
},
{
"status": "affected",
"version": "snapdragon_xr1_platform"
},
{
"status": "affected",
"version": "snapdragon_xr2_5g_platform"
},
{
"status": "affected",
"version": "srv1h"
},
{
"status": "affected",
"version": "srv1m"
},
{
"status": "affected",
"version": "sw5100"
},
{
"status": "affected",
"version": "sw5100p"
},
{
"status": "affected",
"version": "sxr1120"
},
{
"status": "affected",
"version": "sxr2130"
},
{
"status": "affected",
"version": "wxd9326"
},
{
"status": "affected",
"version": "wcd9335"
},
{
"status": "affected",
"version": "wcd9340"
},
{
"status": "affected",
"version": "wcd9341"
},
{
"status": "affected",
"version": "wcd9370"
},
{
"status": "affected",
"version": "wcd9380"
},
{
"status": "affected",
"version": "wcn3610"
},
{
"status": "affected",
"version": "wcn3660b"
},
{
"status": "affected",
"version": "wcn3680b"
},
{
"status": "affected",
"version": "wcn3950"
},
{
"status": "affected",
"version": "wcn3980"
},
{
"status": "affected",
"version": "wcn3988"
},
{
"status": "affected",
"version": "wcn3990"
},
{
"status": "affected",
"version": "wsa8810"
},
{
"status": "affected",
"version": "wsa8815"
},
{
"status": "affected",
"version": "wsa8830"
},
{
"status": "affected",
"version": "wsa8835"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-10T05:01:42.668926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T20:47:27.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "C-V2X 9150"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS8155"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC1 Platform"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "Snapdragon 670 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 710 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 835 Mobile PC Platform"
},
{
"status": "affected",
"version": "Snapdragon 855 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon W5+ Gen 1 Wearable Platform"
},
{
"status": "affected",
"version": "Snapdragon Wear 4100+ Platform"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR1 Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR1120"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption in HLOS while converting from authorization token to HIDL vector."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy Without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:01:02.097Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin"
}
],
"title": "Buffer Copy Without Checking Size of Input in HLOS"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2023-33077",
"datePublished": "2024-02-06T05:47:14.125Z",
"dateReserved": "2023-05-17T09:28:53.140Z",
"dateUpdated": "2024-08-22T20:47:27.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…