Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-1371
Vulnerability from csaf_certbund
Published
2023-06-05 22:00
Modified
2023-06-05 22:00
Summary
Samsung Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme
- Android
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen.", title: "Angriff", }, { category: "general", text: "- Android", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1371 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1371.json", }, { category: "self", summary: "WID-SEC-2023-1371 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1371", }, { category: "external", summary: "Samsung Mobile Security - Security Updates vom 2023-06-05", url: "https://security.samsungmobile.com/securityUpdate.smsb", }, ], source_lang: "en-US", title: "Samsung Android: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-05T22:00:00.000+00:00", generator: { date: "2024-08-15T17:51:51.904+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1371", initial_release_date: "2023-06-05T22:00:00.000+00:00", revision_history: [ { date: "2023-06-05T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Samsung Android", product: { name: "Samsung Android", product_id: "T027059", product_identification_helper: { cpe: "cpe:/o:samsung:android:-", }, }, }, ], category: "vendor", name: "Samsung", }, ], }, vulnerabilities: [ { cve: "CVE-2023-26085", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-26085", }, { cve: "CVE-2023-21666", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21666", }, { cve: "CVE-2023-21665", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21665", }, { cve: "CVE-2023-21517", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21517", }, { cve: "CVE-2023-21513", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21513", }, { cve: "CVE-2023-21512", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21512", }, { cve: "CVE-2023-21144", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21144", }, { cve: "CVE-2023-21143", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21143", }, { cve: "CVE-2023-21142", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21142", }, { cve: "CVE-2023-21141", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21141", }, { cve: "CVE-2023-21139", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21139", }, { cve: "CVE-2023-21138", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21138", }, { cve: "CVE-2023-21137", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21137", }, { cve: "CVE-2023-21136", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21136", }, { cve: "CVE-2023-21135", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21135", }, { cve: "CVE-2023-21131", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21131", }, { cve: "CVE-2023-21130", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21130", }, { cve: "CVE-2023-21129", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21129", }, { cve: "CVE-2023-21128", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21128", }, { cve: "CVE-2023-21127", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21127", }, { cve: "CVE-2023-21126", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21126", }, { cve: "CVE-2023-21124", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21124", }, { cve: "CVE-2023-21123", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21123", }, { cve: "CVE-2023-21122", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21122", }, { cve: "CVE-2023-21121", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21121", }, { cve: "CVE-2023-21115", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21115", }, { cve: "CVE-2023-21108", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21108", }, { cve: "CVE-2023-21106", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21106", }, { cve: "CVE-2023-21105", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21105", }, { cve: "CVE-2023-21102", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21102", }, { cve: "CVE-2023-21095", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-21095", }, { cve: "CVE-2023-20965", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-20965", }, { cve: "CVE-2023-20726", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-20726", }, { cve: "CVE-2023-20698", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-20698", }, { cve: "CVE-2023-20697", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-20697", }, { cve: "CVE-2023-20696", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-20696", }, { cve: "CVE-2023-20695", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-20695", }, { cve: "CVE-2023-20694", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-20694", }, { cve: "CVE-2023-0266", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2023-0266", }, { cve: "CVE-2022-47488", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-47488", }, { cve: "CVE-2022-47487", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-47487", }, { cve: "CVE-2022-47486", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-47486", }, { cve: "CVE-2022-47470", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-47470", }, { cve: "CVE-2022-47469", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-47469", }, { cve: "CVE-2022-46891", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-46891", }, { cve: "CVE-2022-46396", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-46396", }, { cve: "CVE-2022-46395", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-46395", }, { cve: "CVE-2022-46394", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-46394", }, { cve: "CVE-2022-40508", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-40508", }, { cve: "CVE-2022-40504", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-40504", }, { cve: "CVE-2022-34144", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-34144", }, { cve: "CVE-2022-33305", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2022-33305", }, { cve: "CVE-2021-0877", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Samsung Android und mehreren Google-Komponenten. Die Fehler bestehen unter anderem aufgrund einer unsachgemäßen Privilegienverwaltung, einem Heap-Out-of-Bound-Write und einer unsachgemäßen Knox-ID-Validierung. Ein entfernter, anonymer, lokaler oder physischer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand auszulösen. Die erfolgreiche Ausnutzung der Schwachstellen erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T027059", ], }, release_date: "2023-06-05T22:00:00.000+00:00", title: "CVE-2021-0877", }, ], }
cve-2023-21115
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:52
Severity ?
EPSS score ?
Summary
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.658Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21115", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:51:46.803646Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T18:52:11.182Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L", }, ], }, ], descriptions: [ { lang: "en", value: "In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21115", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:52:11.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20696
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:29
Severity ?
EPSS score ?
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6880, MT6890, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 13.0 / OpenWrt 19.07, 21.02 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.941Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20696", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:28:29.547096Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:29:18.788Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6880, MT6890, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0 / OpenWrt 19.07, 21.02", }, ], }, ], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20696", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:29:18.788Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21124
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 16:38
Severity ?
EPSS score ?
Summary
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21124", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T16:38:07.733880Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T16:38:57.553Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21124", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T16:38:57.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21137
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:29
Severity ?
EPSS score ?
Summary
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246541702
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.611Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21137", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:29:01.712657Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T18:29:43.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246541702", }, ], problemTypes: [ { descriptions: [ { description: "Denial of service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21137", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:29:43.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21144
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:17
Severity ?
EPSS score ?
Summary
In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:26.032Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21144", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:17:02.213290Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:17:43.425Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417", }, ], problemTypes: [ { descriptions: [ { description: "Denial of service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21144", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:17:43.425Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40508
Vulnerability from cvelistv5
Published
2023-05-02 05:08
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: AQT1000 Version: AR8035 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QCA6391 Version: QCA6421 Version: QCA6426 Version: QCA6431 Version: QCA6436 Version: QCA6574A Version: QCA6574AU Version: QCA6595AU Version: QCA6696 Version: QCA6698AQ Version: QCA8081 Version: QCA8337 Version: QCN6024 Version: QCN9024 Version: SD855 Version: SD865 5G Version: SD888 Version: SDX55 Version: SDX57M Version: SM7250P Version: SM7315 Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X70 Modem-RF System Version: Snapdragon XR2 5G Platform Version: SXR2130 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3988 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:qualcomm:315_5g_iot_modem_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "315_5g_iot_modem_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aqt1000_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ar8035_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_6200_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_6700_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_6800_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_6900_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_7800_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6391_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6421_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6426_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6431_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6436_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6574a_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6574au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6595au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6696_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6698aq_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca8081_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca8337_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn6024_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9024_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd855_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd865_5g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd888_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx55_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx57m_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx57m_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm7250p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm7315_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_4_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_4_gen_1_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_480_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_480_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_690_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_690_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_695_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_695_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_750g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_750g_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_780g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_780g_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_8_gen_1_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_855_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_855_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_865_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_auto_5g_modem-rf_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x50_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x50_5g_modem-rf_system_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x55_5g_modem-rf_system_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x65_5g_modem-rf_system_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x70_modem-rf_system_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x70_modem-rf_system_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_xr2_5g_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sxr2130_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9341_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9360_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9370_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9375_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9380_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9385_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3988_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn6740_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8810_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8815_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8830_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8835_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-40508", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T21:09:47.843288Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T21:09:57.841Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T12:21:45.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Industrial IOT", "Snapdragon Mobile", ], product: "Snapdragon", vendor: "Qualcomm, Inc.", versions: [ { status: "affected", version: "315 5G IoT Modem", }, { status: "affected", version: "AQT1000", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "FastConnect 6200", }, { status: "affected", version: "FastConnect 6700", }, { status: "affected", version: "FastConnect 6800", }, { status: "affected", version: "FastConnect 6900", }, { status: "affected", version: "FastConnect 7800", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6421", }, { status: "affected", version: "QCA6426", }, { status: "affected", version: "QCA6431", }, { status: "affected", version: "QCA6436", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6574AU", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA6698AQ", }, { status: "affected", version: "QCA8081", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCN6024", }, { status: "affected", version: "QCN9024", }, { status: "affected", version: "SD855", }, { status: "affected", version: "SD865 5G", }, { status: "affected", version: "SD888", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SDX57M", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "SM7315", }, { status: "affected", version: "Snapdragon 4 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 480 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)", }, { status: "affected", version: "Snapdragon 690 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 695 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 750G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 765 5G Mobile Platform (SM7250-AA)", }, { status: "affected", version: "Snapdragon 765G 5G Mobile Platform (SM7250-AB)", }, { status: "affected", version: "Snapdragon 768G 5G Mobile Platform (SM7250-AC)", }, { status: "affected", version: "Snapdragon 780G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 7c+ Gen 3 Compute", }, { status: "affected", version: "Snapdragon 8 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 8+ Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 855 Mobile Platform", }, { status: "affected", version: "Snapdragon 855+/860 Mobile Platform (SM8150-AC)", }, { status: "affected", version: "Snapdragon 865 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)", }, { status: "affected", version: "Snapdragon 870 5G Mobile Platform (SM8250-AC)", }, { status: "affected", version: "Snapdragon Auto 5G Modem-RF", }, { status: "affected", version: "Snapdragon X50 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X55 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X65 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X70 Modem-RF System", }, { status: "affected", version: "Snapdragon XR2 5G Platform", }, { status: "affected", version: "SXR2130", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9360", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN6740", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8835", }, ], }, ], descriptions: [ { lang: "en", value: "Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617 Reachable Assertion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T16:27:54.437Z", orgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", shortName: "qualcomm", }, references: [ { url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, ], title: "Reachable assertion in Modem", }, }, cveMetadata: { assignerOrgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", assignerShortName: "qualcomm", cveId: "CVE-2022-40508", datePublished: "2023-05-02T05:08:54.220Z", dateReserved: "2022-09-12T09:37:28.414Z", dateUpdated: "2024-08-03T12:21:45.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20698
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:23
Severity ?
EPSS score ?
Summary
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20698", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:21:57.248469Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:23:30.907Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20698", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:23:30.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46395
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2024-11-27 14:56
Severity ?
EPSS score ?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:31:46.339Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://developer.arm.com/support/arm-security-updates", }, { tags: [ "x_transferred", ], url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/172855/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-46395", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T14:56:10.271182Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T14:56:20.905Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-12T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://developer.arm.com/support/arm-security-updates", }, { url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, { url: "http://packetstormsecurity.com/files/172855/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46395", datePublished: "2023-03-06T00:00:00", dateReserved: "2022-12-04T00:00:00", dateUpdated: "2024-11-27T14:56:20.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21136
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:32
Severity ?
EPSS score ?
Summary
In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.675Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21136", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:31:01.301958Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:32:47.419Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285", }, ], problemTypes: [ { descriptions: [ { description: "Denial of service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21136", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:32:47.419Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47469
Vulnerability from cvelistv5
Published
2023-05-09 01:20
Modified
2025-01-28 20:45
Severity ?
EPSS score ?
Summary
In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:55:08.377Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-47469", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T20:45:19.123653Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:45:23.243Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", vendor: "Unisoc (Shanghai) Technologies Co., Ltd.", versions: [ { status: "affected", version: "Android10/Android11", }, ], }, ], descriptions: [ { lang: "en", value: "In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.", }, ], providerMetadata: { dateUpdated: "2023-05-09T01:20:30.308Z", orgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", shortName: "Unisoc", }, references: [ { url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], }, }, cveMetadata: { assignerOrgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", assignerShortName: "Unisoc", cveId: "CVE-2022-47469", datePublished: "2023-05-09T01:20:30.308Z", dateReserved: "2022-12-15T08:22:03.068Z", dateUpdated: "2025-01-28T20:45:23.243Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21135
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:34
Severity ?
EPSS score ?
Summary
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21135", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:33:20.272773Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:34:12.523Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21135", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:34:12.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21106
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 17:49
Severity ?
EPSS score ?
Summary
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.927Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-05-01", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-21106", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T17:49:31.268075Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415 Double Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T17:49:35.719Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android kernel", }, ], }, ], descriptions: [ { lang: "en", value: "In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-05-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21106", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-11-03T00:00:00.000Z", dateUpdated: "2025-01-24T17:49:35.719Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26085
Vulnerability from cvelistv5
Published
2023-06-29 00:00
Modified
2024-11-27 14:29
Severity ?
EPSS score ?
Summary
A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:39:06.600Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://developer.arm.com/Arm%20Security%20Center", }, { tags: [ "x_transferred", ], url: "https://github.com/ARM-software/android-nn-driver/releases/tag/v23.02", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-26085", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T14:29:46.881907Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T14:29:59.591Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-29T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://developer.arm.com/Arm%20Security%20Center", }, { url: "https://github.com/ARM-software/android-nn-driver/releases/tag/v23.02", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-26085", datePublished: "2023-06-29T00:00:00", dateReserved: "2023-02-20T00:00:00", dateUpdated: "2024-11-27T14:29:59.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21138
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-17 19:49
Severity ?
EPSS score ?
Summary
In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.706Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21138", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T19:42:13.994875Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-17T19:49:04.657Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21138", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-17T19:49:04.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46891
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-11-27 15:10
Severity ?
EPSS score ?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:47:27.740Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-46891", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-20T17:32:35.513596Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T15:10:12.945Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46891", datePublished: "2023-01-17T00:00:00", dateReserved: "2022-12-09T00:00:00", dateUpdated: "2024-11-27T15:10:12.945Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20697
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:27
Severity ?
EPSS score ?
Summary
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20697", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:25:15.557341Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:27:40.662Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20697", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:27:40.662Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21142
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:27
Severity ?
EPSS score ?
Summary
In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21142", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:25:48.760692Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-732", description: "CWE-732 Incorrect Permission Assignment for Critical Resource", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:27:46.014Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262243665", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21142", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:27:46.014Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20726
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 15:01
Severity ?
EPSS score ?
Summary
In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20726", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:00:15.127141Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T15:01:08.247Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2731, MT2735, MT2737, MT6580, MT6739, MT6761, MT6762, MT6765, MT6767, MT6768, MT6769, MT6771, MT6779, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6990, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20726", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T15:01:08.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21665
Vulnerability from cvelistv5
Published
2023-05-02 05:08
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Memory corruption in Graphics while importing a file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: 9206 LTE Modem Version: APQ8017 Version: APQ8052 Version: APQ8056 Version: APQ8064AU Version: APQ8076 Version: AQT1000 Version: AR8031 Version: AR8035 Version: C-V2X 9150 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: Flight RB5 5G Platform Version: Home Hub 100 Platform Version: MDM9250 Version: MDM9628 Version: MDM9650 Version: MSM8108 Version: MSM8209 Version: MSM8608 Version: MSM8996AU Version: QAM8295P Version: QCA6174 Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA6698AQ Version: QCA8081 Version: QCA8337 Version: QCA9367 Version: QCA9377 Version: QCA9379 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCM6490 Version: QCN6024 Version: QCN9011 Version: QCN9012 Version: QCN9024 Version: QCN9074 Version: QCS2290 Version: QCS410 Version: QCS4290 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QCS8155 Version: QCS8250 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: Qualcomm 205 Mobile Platform Version: Qualcomm 215 Mobile Platform Version: Robotics RB3 Platform Version: Robotics RB5 Platform Version: SA4150P Version: SA4155P Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8295P Version: SD 675 Version: SD626 Version: SD660 Version: SD670 Version: SD675 Version: SD730 Version: SD835 Version: SD855 Version: SD865 5G Version: SD888 Version: SDM429W Version: SDX20M Version: SDX55 Version: SM4125 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: Smart Audio 200 Platform Version: Smart Audio 400 Platform Version: Smart Display 200 Platform (APQ5053-AA) Version: Snapdragon 1200 Wearable Platform Version: Snapdragon 208 Processor Version: Snapdragon 210 Processor Version: Snapdragon 212 Mobile Platform Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 425 Mobile Platform Version: Snapdragon 429 Mobile Platform Version: Snapdragon 439 Mobile Platform Version: Snapdragon 450 Mobile Platform Version: Snapdragon 460 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 617 Processor Version: Snapdragon 625 Mobile Platform Version: Snapdragon 626 Mobile Platform Version: Snapdragon 630 Mobile Platform Version: Snapdragon 632 Mobile Platform Version: Snapdragon 636 Mobile Platform Version: Snapdragon 650 Mobile Platform Version: Snapdragon 652 Mobile Platform Version: Snapdragon 653 Mobile Platform Version: Snapdragon 660 Mobile Platform Version: Snapdragon 662 Mobile Platform Version: Snapdragon 665 Mobile Platform Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 710 Mobile Platform Version: Snapdragon 720G Mobile Platform Version: Snapdragon 730 Mobile Platform (SM7150-AA) Version: Snapdragon 730G Mobile Platform (SM7150-AB) Version: Snapdragon 732G Mobile Platform (SM7150-AC) Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 820 Automotive Platform Version: Snapdragon 835 Mobile PC Platform Version: Snapdragon 845 Mobile Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon Wear 4100+ Platform Version: Snapdragon X12 LTE Modem Version: Snapdragon X20 LTE Modem Version: Snapdragon X24 LTE Modem Version: Snapdragon X5 LTE Modem Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon XR1 Platform Version: Snapdragon XR2 5G Platform Version: Snapdragon XR2+ Gen 1 Platform Version: Snapdragon Auto 4G Modem Version: SW5100 Version: SW5100P Version: SXR1120 Version: SXR2130 Version: Vision Intelligence 100 Platform (APQ8053-AA) Version: Vision Intelligence 200 Platform (APQ8053-AC) Version: Vision Intelligence 400 Platform Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3999 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:qualcomm:315_5g_iot_modem_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "315_5g_iot_modem_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "9206_lte_modem_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8017_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8052_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8052_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8056_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8056_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8064au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8076_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aqt1000_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ar8031_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ar8035_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:c-v2x_9150_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "c-v2x_9150_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "csra6620_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "csra6640_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "csrb31024_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_6200_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_6700_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_6800_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fastconnect_6900_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:flight_rb5_5g_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flight_rb5_5g_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:home_hub_100_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "home_hub_100_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9250_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9628_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9650_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8108_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8209_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8608_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8996au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qam8295p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6174_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6174_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6174a_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6310_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6320_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6320_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6335_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6335_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6391_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6420_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6421_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6426_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6430_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6431_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6436_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6564_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6564a_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6564au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6574_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6574a_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6574au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6584au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6595_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6595au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6696_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6698aq_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca8081_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca8337_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca9367_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca9377_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca9379_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcm2290_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcm4290_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcm6125_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcm6490_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn6024_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9011_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9012_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9024_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9074_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs2290_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs410_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs4290_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs610_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs6125_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs6490_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs8155_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs8155_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs8250_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs8250_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qrb5165m_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qrb5165n_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qsm8250_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qualcomm_205_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qualcomm_205_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qualcomm_215_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qualcomm_215_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:robotics_rb3_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "robotics_rb3_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:robotics_rb5_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "robotics_rb5_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa4150p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa4155p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa6145p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa6150p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa6155_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa6155p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8145p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8150p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8155_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8155p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8195p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8295p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd_675_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd626_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd626_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd660_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd670_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd675_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd730_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd835_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd855_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd865_5g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd888_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdm429w_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx20m_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx20m_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx55_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm4125_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm6250_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm6250p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm7250p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm7315_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm7325p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:smart_audio_200_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "smart_audio_200_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:smart_audio_400_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "smart_audio_400_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_1200_wearable_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_208_processor_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_208_processor_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_210_processor_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_210_processor_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_212_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_212_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_4_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_4_gen_1_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_425_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_425_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_429_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_439_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_439_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_450_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_450_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_460_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_480_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_480_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_617_processor_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_617_processor_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_625_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_625_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_626_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_626_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_630_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_630_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_632_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_632_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_636_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_636_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_650_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_650_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_652_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_652_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_653_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_653_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_660_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_660_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_662_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_665_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_665_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_670_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_670_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_675_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_675_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_680_4g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_690_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_690_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_695_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_695_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_710_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_710_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_720g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_720g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_750g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_750g_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_778g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_778g_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_780g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_780g_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_820_automotive_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_820_automotive_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_835_mobile_pc_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_835_mobile_pc_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_845_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_845_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_855_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_855_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_865_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_888_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_888_5g_mobile_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_auto_5g_modem-rf_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x12_lte_modem_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x12_lte_modem_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x20_lte_modem_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x20_lte_modem_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x24_lte_modem_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x24_lte_modem_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x5_lte_modem_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x50_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x50_5g_modem-rf_system_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x55_5g_modem-rf_system_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_x65_5g_modem-rf_system_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_xr1_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_xr1_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_xr2_5g_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:snapdragon_auto_4g_modem_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon_auto_4g_modem_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sw5100_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sw5100p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sxr1120_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sxr1120_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sxr2130_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:vision_intelligence_400_platform_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vision_intelligence_400_platform_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9326_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9330_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9335_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9340_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9341_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9370_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9371_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9371_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9375_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9380_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9385_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3610_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3615_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3620_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3660_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3660_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3660b_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3680_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3680_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3680b_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3910_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3950_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3980_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3988_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3990_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3999_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn6740_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8810_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8815_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8830_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8835_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-21665", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T20:12:30.514254Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T20:12:42.222Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.226Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/172663/Qualcomm-Adreno-KGSL-Unchecked-Cast-Type-Confusion.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Voice & Music", "Snapdragon Wearables", ], product: "Snapdragon", vendor: "Qualcomm, Inc.", versions: [ { status: "affected", version: "315 5G IoT Modem", }, { status: "affected", version: "9206 LTE Modem", }, { status: "affected", version: "APQ8017", }, { status: "affected", version: "APQ8052", }, { status: "affected", version: "APQ8056", }, { status: "affected", version: "APQ8064AU", }, { status: "affected", version: "APQ8076", }, { status: "affected", version: "AQT1000", }, { status: "affected", version: "AR8031", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "C-V2X 9150", }, { status: "affected", version: "CSRA6620", }, { status: "affected", version: "CSRA6640", }, { status: "affected", version: "CSRB31024", }, { status: "affected", version: "FastConnect 6200", }, { status: "affected", version: "FastConnect 6700", }, { status: "affected", version: "FastConnect 6800", }, { status: "affected", version: "FastConnect 6900", }, { status: "affected", version: "Flight RB5 5G Platform", }, { status: "affected", version: "Home Hub 100 Platform", }, { status: "affected", version: "MDM9250", }, { status: "affected", version: "MDM9628", }, { status: "affected", version: "MDM9650", }, { status: "affected", version: "MSM8108", }, { status: "affected", version: "MSM8209", }, { status: "affected", version: "MSM8608", }, { status: "affected", version: "MSM8996AU", }, { status: "affected", version: "QAM8295P", }, { status: "affected", version: "QCA6174", }, { status: "affected", version: "QCA6174A", }, { status: "affected", version: "QCA6310", }, { status: "affected", version: "QCA6320", }, { status: "affected", version: "QCA6335", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6420", }, { status: "affected", version: "QCA6421", }, { status: "affected", version: "QCA6426", }, { status: "affected", version: "QCA6430", }, { status: "affected", version: "QCA6431", }, { status: "affected", version: "QCA6436", }, { status: "affected", version: "QCA6564", }, { status: "affected", version: "QCA6564A", }, { status: "affected", version: "QCA6564AU", }, { status: "affected", version: "QCA6574", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6574AU", }, { status: "affected", version: "QCA6584AU", }, { status: "affected", version: "QCA6595", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA6698AQ", }, { status: "affected", version: "QCA8081", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCA9367", }, { status: "affected", version: "QCA9377", }, { status: "affected", version: "QCA9379", }, { status: "affected", version: "QCM2290", }, { status: "affected", version: "QCM4290", }, { status: "affected", version: "QCM6125", }, { status: "affected", version: "QCM6490", }, { status: "affected", version: "QCN6024", }, { status: "affected", version: "QCN9011", }, { status: "affected", version: "QCN9012", }, { status: "affected", version: "QCN9024", }, { status: "affected", version: "QCN9074", }, { status: "affected", version: "QCS2290", }, { status: "affected", version: "QCS410", }, { status: "affected", version: "QCS4290", }, { status: "affected", version: "QCS610", }, { status: "affected", version: "QCS6125", }, { status: "affected", version: "QCS6490", }, { status: "affected", version: "QCS8155", }, { status: "affected", version: "QCS8250", }, { status: "affected", version: "QRB5165M", }, { status: "affected", version: "QRB5165N", }, { status: "affected", version: "QSM8250", }, { status: "affected", version: "Qualcomm 205 Mobile Platform", }, { status: "affected", version: "Qualcomm 215 Mobile Platform", }, { status: "affected", version: "Robotics RB3 Platform", }, { status: "affected", version: "Robotics RB5 Platform", }, { status: "affected", version: "SA4150P", }, { status: "affected", version: "SA4155P", }, { status: "affected", version: "SA6145P", }, { status: "affected", version: "SA6150P", }, { status: "affected", version: "SA6155", }, { status: "affected", version: "SA6155P", }, { status: "affected", version: "SA8145P", }, { status: "affected", version: "SA8150P", }, { status: "affected", version: "SA8155", }, { status: "affected", version: "SA8155P", }, { status: "affected", version: "SA8195P", }, { status: "affected", version: "SA8295P", }, { status: "affected", version: "SD 675", }, { status: "affected", version: "SD626", }, { status: "affected", version: "SD660", }, { status: "affected", version: "SD670", }, { status: "affected", version: "SD675", }, { status: "affected", version: "SD730", }, { status: "affected", version: "SD835", }, { status: "affected", version: "SD855", }, { status: "affected", version: "SD865 5G", }, { status: "affected", version: "SD888", }, { status: "affected", version: "SDM429W", }, { status: "affected", version: "SDX20M", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SM4125", }, { status: "affected", version: "SM6250", }, { status: "affected", version: "SM6250P", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "SM7315", }, { status: "affected", version: "SM7325P", }, { status: "affected", version: "Smart Audio 200 Platform", }, { status: "affected", version: "Smart Audio 400 Platform", }, { status: "affected", version: "Smart Display 200 Platform (APQ5053-AA)", }, { status: "affected", version: "Snapdragon 1200 Wearable Platform", }, { status: "affected", version: "Snapdragon 208 Processor", }, { status: "affected", version: "Snapdragon 210 Processor", }, { status: "affected", version: "Snapdragon 212 Mobile Platform", }, { status: "affected", version: "Snapdragon 4 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 425 Mobile Platform", }, { status: "affected", version: "Snapdragon 429 Mobile Platform", }, { status: "affected", version: "Snapdragon 439 Mobile Platform", }, { status: "affected", version: "Snapdragon 450 Mobile Platform", }, { status: "affected", version: "Snapdragon 460 Mobile Platform", }, { status: "affected", version: "Snapdragon 480 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)", }, { status: "affected", version: "Snapdragon 617 Processor", }, { status: "affected", version: "Snapdragon 625 Mobile Platform", }, { status: "affected", version: "Snapdragon 626 Mobile Platform", }, { status: "affected", version: "Snapdragon 630 Mobile Platform", }, { status: "affected", version: "Snapdragon 632 Mobile Platform", }, { status: "affected", version: "Snapdragon 636 Mobile Platform", }, { status: "affected", version: "Snapdragon 650 Mobile Platform", }, { status: "affected", version: "Snapdragon 652 Mobile Platform", }, { status: "affected", version: "Snapdragon 653 Mobile Platform", }, { status: "affected", version: "Snapdragon 660 Mobile Platform", }, { status: "affected", version: "Snapdragon 662 Mobile Platform", }, { status: "affected", version: "Snapdragon 665 Mobile Platform", }, { status: "affected", version: "Snapdragon 670 Mobile Platform", }, { status: "affected", version: "Snapdragon 675 Mobile Platform", }, { status: "affected", version: "Snapdragon 678 Mobile Platform (SM6150-AC)", }, { status: "affected", version: "Snapdragon 680 4G Mobile Platform", }, { status: "affected", version: "Snapdragon 685 4G Mobile Platform (SM6225-AD)", }, { status: "affected", version: "Snapdragon 690 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 695 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 710 Mobile Platform", }, { status: "affected", version: "Snapdragon 720G Mobile Platform", }, { status: "affected", version: "Snapdragon 730 Mobile Platform (SM7150-AA)", }, { status: "affected", version: "Snapdragon 730G Mobile Platform (SM7150-AB)", }, { status: "affected", version: "Snapdragon 732G Mobile Platform (SM7150-AC)", }, { status: "affected", version: "Snapdragon 750G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 765 5G Mobile Platform (SM7250-AA)", }, { status: "affected", version: "Snapdragon 765G 5G Mobile Platform (SM7250-AB)", }, { status: "affected", version: "Snapdragon 768G 5G Mobile Platform (SM7250-AC)", }, { status: "affected", version: "Snapdragon 778G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)", }, { status: "affected", version: "Snapdragon 780G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 782G Mobile Platform (SM7325-AF)", }, { status: "affected", version: "Snapdragon 7c+ Gen 3 Compute", }, { status: "affected", version: "Snapdragon 820 Automotive Platform", }, { status: "affected", version: "Snapdragon 835 Mobile PC Platform", }, { status: "affected", version: "Snapdragon 845 Mobile Platform", }, { status: "affected", version: "Snapdragon 855 Mobile Platform", }, { status: "affected", version: "Snapdragon 855+/860 Mobile Platform (SM8150-AC)", }, { status: "affected", version: "Snapdragon 865 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)", }, { status: "affected", version: "Snapdragon 870 5G Mobile Platform (SM8250-AC)", }, { status: "affected", version: "Snapdragon 888 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)", }, { status: "affected", version: "Snapdragon Auto 5G Modem-RF", }, { status: "affected", version: "Snapdragon W5+ Gen 1 Wearable Platform", }, { status: "affected", version: "Snapdragon Wear 4100+ Platform", }, { status: "affected", version: "Snapdragon X12 LTE Modem", }, { status: "affected", version: "Snapdragon X20 LTE Modem", }, { status: "affected", version: "Snapdragon X24 LTE Modem", }, { status: "affected", version: "Snapdragon X5 LTE Modem", }, { status: "affected", version: "Snapdragon X50 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X55 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X65 5G Modem-RF System", }, { status: "affected", version: "Snapdragon XR1 Platform", }, { status: "affected", version: "Snapdragon XR2 5G Platform", }, { status: "affected", version: "Snapdragon XR2+ Gen 1 Platform", }, { status: "affected", version: "Snapdragon Auto 4G Modem", }, { status: "affected", version: "SW5100", }, { status: "affected", version: "SW5100P", }, { status: "affected", version: "SXR1120", }, { status: "affected", version: "SXR2130", }, { status: "affected", version: "Vision Intelligence 100 Platform (APQ8053-AA)", }, { status: "affected", version: "Vision Intelligence 200 Platform (APQ8053-AC)", }, { status: "affected", version: "Vision Intelligence 400 Platform", }, { status: "affected", version: "WCD9326", }, { status: "affected", version: "WCD9330", }, { status: "affected", version: "WCD9335", }, { status: "affected", version: "WCD9340", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9371", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3610", }, { status: "affected", version: "WCN3615", }, { status: "affected", version: "WCN3620", }, { status: "affected", version: "WCN3660", }, { status: "affected", version: "WCN3660B", }, { status: "affected", version: "WCN3680", }, { status: "affected", version: "WCN3680B", }, { status: "affected", version: "WCN3910", }, { status: "affected", version: "WCN3950", }, { status: "affected", version: "WCN3980", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN3990", }, { status: "affected", version: "WCN3999", }, { status: "affected", version: "WCN6740", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8835", }, ], }, ], descriptions: [ { lang: "en", value: "Memory corruption in Graphics while importing a file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-704", description: "CWE-704 Incorrect Type Conversion or Cast", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T16:28:01.456Z", orgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", shortName: "qualcomm", }, references: [ { url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, { url: "http://packetstormsecurity.com/files/172663/Qualcomm-Adreno-KGSL-Unchecked-Cast-Type-Confusion.html", }, ], title: "Incorrect Type Conversion or Cast in Graphics", }, }, cveMetadata: { assignerOrgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", assignerShortName: "qualcomm", cveId: "CVE-2023-21665", datePublished: "2023-05-02T05:08:57.440Z", dateReserved: "2022-12-07T02:58:25.873Z", dateUpdated: "2024-08-02T09:44:02.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20695
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:30
Severity ?
EPSS score ?
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6835, MT6880, MT6886, MT6890, MT6980, MT6985, MT6990, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 13.0 / OpenWrt 19.07, 21.02 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20695", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:30:12.568668Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:30:47.770Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6835, MT6880, MT6886, MT6890, MT6980, MT6985, MT6990, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0 / OpenWrt 19.07, 21.02", }, ], }, ], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20695", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:30:47.770Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21130
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:41
Severity ?
EPSS score ?
Summary
In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21130", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:40:52.532218Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T18:41:18.691Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21130", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:41:18.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21121
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:50
Severity ?
EPSS score ?
Summary
In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:26.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21121", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:47:26.914022Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:50:07.657Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12", }, ], }, ], descriptions: [ { lang: "en", value: "In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21121", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:50:07.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21123
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 16:40
Severity ?
EPSS score ?
Summary
In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.995Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21123", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T16:40:06.274812Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T16:40:39.246Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21123", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T16:40:39.246Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21131
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:40
Severity ?
EPSS score ?
Summary
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265015796
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:26.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21131", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:34:53.622843Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:40:14.773Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265015796", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21131", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:40:14.773Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21517
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-12-04 21:43
Severity ?
EPSS score ?
Summary
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Version: Select devices using Exynos CP chipsets < SMR Jun-2023 Release 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.521Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21517", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T20:38:30.405167Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T21:43:05.684Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { lessThan: "SMR Jun-2023 Release 1", status: "affected", version: "Select devices using Exynos CP chipsets", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-28T00:00:00", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06", }, ], source: { discovery: "UNKNOWN", }, }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-21517", datePublished: "2023-06-28T00:00:00", dateReserved: "2022-11-14T00:00:00", dateUpdated: "2024-12-04T21:43:05.684Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21127
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 16:35
Severity ?
EPSS score ?
Summary
In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.690Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21127", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T16:35:11.660787Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T16:35:46.994Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21127", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T16:35:46.994Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21141
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-17 19:33
Severity ?
EPSS score ?
Summary
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.682Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21141", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T19:31:15.454584Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-17T19:33:34.996Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21141", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-17T19:33:34.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21143
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:21
Severity ?
EPSS score ?
Summary
In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-268193777
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21143", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:18:42.879625Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:21:51.372Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-268193777", }, ], problemTypes: [ { descriptions: [ { description: "Denial of service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21143", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:21:51.372Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47470
Vulnerability from cvelistv5
Published
2023-05-09 01:20
Modified
2025-01-28 20:44
Severity ?
EPSS score ?
Summary
In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:55:08.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-47470", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T20:44:42.838168Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:44:46.932Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", vendor: "Unisoc (Shanghai) Technologies Co., Ltd.", versions: [ { status: "affected", version: "Android10/Android11", }, ], }, ], descriptions: [ { lang: "en", value: "In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.", }, ], providerMetadata: { dateUpdated: "2023-05-09T01:20:31.535Z", orgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", shortName: "Unisoc", }, references: [ { url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], }, }, cveMetadata: { assignerOrgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", assignerShortName: "Unisoc", cveId: "CVE-2022-47470", datePublished: "2023-05-09T01:20:31.535Z", dateReserved: "2022-12-15T08:22:03.068Z", dateUpdated: "2025-01-28T20:44:46.932Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0266
Vulnerability from cvelistv5
Published
2023-01-30 13:09
Modified
2025-02-13 16:38
Severity ?
EPSS score ?
Summary
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux Kernel |
Version: 4.14 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:44.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4", }, { tags: [ "x_transferred", ], url: "https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-0266", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T15:07:49.761602Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-03-30", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-0266", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T15:11:29.784Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "ALSA pcm", product: "Linux Kernel", repo: "https://git.kernel.org", vendor: "Linux", versions: [ { lessThan: "56b88b50565cd8b946a2d00b0c83927b7ebb055e", status: "affected", version: "4.14", versionType: "git", }, ], }, ], datePublic: "2023-01-13T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.<span style=\"background-color: rgb(255, 255, 255);\"> SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e</span><br>", }, ], value: "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-03T13:06:14.455Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1", }, { url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4", }, { url: "https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e", }, { url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html", }, ], source: { discovery: "UNKNOWN", }, title: "Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2023-0266", datePublished: "2023-01-30T13:09:32.141Z", dateReserved: "2023-01-13T07:58:13.390Z", dateUpdated: "2025-02-13T16:38:54.380Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20965
Vulnerability from cvelistv5
Published
2023-08-14 20:48
Modified
2024-10-09 19:13
Severity ?
EPSS score ?
Summary
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:21:33.814Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215f591605028e200b6eca8f7cc45a", }, { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/modules/Wifi/+/bd318b9772759546509f6fdb8648366099dd65ad", }, { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ea9e5745cc6101e57c2e5e739f2", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-08-01", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20965", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-09T19:06:15.900756Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "CWE-522 Insufficiently Protected Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-09T19:13:54.759Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.</p>", }, ], value: "In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-14T20:48:48.811Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/modules/Wifi/+/88a8a98934215f591605028e200b6eca8f7cc45a", }, { url: "https://android.googlesource.com/platform/packages/modules/Wifi/+/bd318b9772759546509f6fdb8648366099dd65ad", }, { url: "https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ea9e5745cc6101e57c2e5e739f2", }, { url: "https://source.android.com/security/bulletin/2023-08-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-20965", datePublished: "2023-08-14T20:48:48.811Z", dateReserved: "2022-11-03T22:37:50.595Z", dateUpdated: "2024-10-09T19:13:54.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21129
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:46
Severity ?
EPSS score ?
Summary
In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.656Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21129", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:41:49.348787Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:46:02.760Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21129", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:46:02.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21139
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-17 19:41
Severity ?
EPSS score ?
Summary
In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271845008
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.906Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21139", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-17T19:34:31.634983Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-17T19:41:14.355Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271845008", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21139", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-17T19:41:14.355Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40504
Vulnerability from cvelistv5
Published
2023-05-02 07:30
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: APQ8017 Version: AQT1000 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: FSM10055 Version: QCA6174A Version: QCA6310 Version: QCA6335 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564AU Version: QCA6574A Version: QCA6574AU Version: QCA6595AU Version: QCA6696 Version: QCA6698AQ Version: QCA8081 Version: QCA8337 Version: QCA9377 Version: QCM2290 Version: QCM4290 Version: QCM4325 Version: QCM4490 Version: QCM6125 Version: QCM6490 Version: QCN6024 Version: QCN9024 Version: QCS2290 Version: QCS410 Version: QCS4290 Version: QCS4490 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: Qualcomm 205 Mobile Platform Version: Qualcomm 215 Mobile Platform Version: Robotics RB3 Platform Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SC8180X+SDX55 Version: SD 455 Version: SD 675 Version: SD460 Version: SD626 Version: SD660 Version: SD662 Version: SD670 Version: SD675 Version: SD730 Version: SD855 Version: SD865 5G Version: SD888 Version: SDX55 Version: SDX57M Version: SG4150P Version: SM4450 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: Smart Audio 400 Platform Version: Smart Display 200 Platform (APQ5053-AA) Version: Snapdragon 210 Processor Version: Snapdragon 212 Mobile Platform Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 425 Mobile Platform Version: Snapdragon 427 Mobile Platform Version: Snapdragon 429 Mobile Platform Version: Snapdragon 435 Mobile Platform Version: Snapdragon 439 Mobile Platform Version: Snapdragon 450 Mobile Platform Version: Snapdragon 460 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 625 Mobile Platform Version: Snapdragon 626 Mobile Platform Version: Snapdragon 630 Mobile Platform Version: Snapdragon 632 Mobile Platform Version: Snapdragon 636 Mobile Platform Version: Snapdragon 660 Mobile Platform Version: Snapdragon 662 Mobile Platform Version: Snapdragon 665 Mobile Platform Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 710 Mobile Platform Version: Snapdragon 712 Mobile Platform Version: Snapdragon 720G Mobile Platform Version: Snapdragon 730 Mobile Platform (SM7150-AA) Version: Snapdragon 730G Mobile Platform (SM7150-AB) Version: Snapdragon 732G Mobile Platform (SM7150-AC) Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c Compute Platform (SC7180-AC) Version: Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) "Rennell Pro" Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 845 Mobile Platform Version: Snapdragon 850 Mobile Compute Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Version: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Version: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Version: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Version: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon X20 LTE Modem Version: Snapdragon X24 LTE Modem Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X70 Modem-RF System Version: Snapdragon XR1 Platform Version: Snapdragon XR2 5G Platform Version: Snapdragon Auto 4G Modem Version: SW5100 Version: SW5100P Version: SXR1120 Version: SXR2130 Version: Vision Intelligence 100 Platform (APQ8053-AA) Version: Vision Intelligence 200 Platform (APQ8053-AC) Version: Vision Intelligence 300 Platform Version: Vision Intelligence 400 Platform Version: WCD9326 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3660 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:21:45.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables", ], product: "Snapdragon", vendor: "Qualcomm, Inc.", versions: [ { status: "affected", version: "315 5G IoT Modem", }, { status: "affected", version: "APQ8017", }, { status: "affected", version: "AQT1000", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "CSRA6620", }, { status: "affected", version: "CSRA6640", }, { status: "affected", version: "CSRB31024", }, { status: "affected", version: "FastConnect 6200", }, { status: "affected", version: "FastConnect 6700", }, { status: "affected", version: "FastConnect 6800", }, { status: "affected", version: "FastConnect 6900", }, { status: "affected", version: "FastConnect 7800", }, { status: "affected", version: "FSM10055", }, { status: "affected", version: "QCA6174A", }, { status: "affected", version: "QCA6310", }, { status: "affected", version: "QCA6335", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6420", }, { status: "affected", version: "QCA6421", }, { status: "affected", version: "QCA6426", }, { status: "affected", version: "QCA6430", }, { status: "affected", version: "QCA6431", }, { status: "affected", version: "QCA6436", }, { status: "affected", version: "QCA6564AU", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6574AU", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA6698AQ", }, { status: "affected", version: "QCA8081", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCA9377", }, { status: "affected", version: "QCM2290", }, { status: "affected", version: "QCM4290", }, { status: "affected", version: "QCM4325", }, { status: "affected", version: "QCM4490", }, { status: "affected", version: "QCM6125", }, { status: "affected", version: "QCM6490", }, { status: "affected", version: "QCN6024", }, { status: "affected", version: "QCN9024", }, { status: "affected", version: "QCS2290", }, { status: "affected", version: "QCS410", }, { status: "affected", version: "QCS4290", }, { status: "affected", version: "QCS4490", }, { status: "affected", version: "QCS610", }, { status: "affected", version: "QCS6125", }, { status: "affected", version: "QCS6490", }, { status: "affected", version: "Qualcomm 205 Mobile Platform", }, { status: "affected", version: "Qualcomm 215 Mobile Platform", }, { status: "affected", version: "Robotics RB3 Platform", }, { status: "affected", version: "SA6145P", }, { status: "affected", version: "SA6150P", }, { status: "affected", version: "SA6155", }, { status: "affected", version: "SA6155P", }, { status: "affected", version: "SA8145P", }, { status: "affected", version: "SA8150P", }, { status: "affected", version: "SA8155", }, { status: "affected", version: "SA8155P", }, { status: "affected", version: "SA8195P", }, { status: "affected", version: "SC8180X+SDX55", }, { status: "affected", version: "SD 455", }, { status: "affected", version: "SD 675", }, { status: "affected", version: "SD460", }, { status: "affected", version: "SD626", }, { status: "affected", version: "SD660", }, { status: "affected", version: "SD662", }, { status: "affected", version: "SD670", }, { status: "affected", version: "SD675", }, { status: "affected", version: "SD730", }, { status: "affected", version: "SD855", }, { status: "affected", version: "SD865 5G", }, { status: "affected", version: "SD888", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SDX57M", }, { status: "affected", version: "SG4150P", }, { status: "affected", version: "SM4450", }, { status: "affected", version: "SM6250", }, { status: "affected", version: "SM6250P", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "SM7315", }, { status: "affected", version: "SM7325P", }, { status: "affected", version: "Smart Audio 400 Platform", }, { status: "affected", version: "Smart Display 200 Platform (APQ5053-AA)", }, { status: "affected", version: "Snapdragon 210 Processor", }, { status: "affected", version: "Snapdragon 212 Mobile Platform", }, { status: "affected", version: "Snapdragon 4 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 425 Mobile Platform", }, { status: "affected", version: "Snapdragon 427 Mobile Platform", }, { status: "affected", version: "Snapdragon 429 Mobile Platform", }, { status: "affected", version: "Snapdragon 435 Mobile Platform", }, { status: "affected", version: "Snapdragon 439 Mobile Platform", }, { status: "affected", version: "Snapdragon 450 Mobile Platform", }, { status: "affected", version: "Snapdragon 460 Mobile Platform", }, { status: "affected", version: "Snapdragon 480 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)", }, { status: "affected", version: "Snapdragon 625 Mobile Platform", }, { status: "affected", version: "Snapdragon 626 Mobile Platform", }, { status: "affected", version: "Snapdragon 630 Mobile Platform", }, { status: "affected", version: "Snapdragon 632 Mobile Platform", }, { status: "affected", version: "Snapdragon 636 Mobile Platform", }, { status: "affected", version: "Snapdragon 660 Mobile Platform", }, { status: "affected", version: "Snapdragon 662 Mobile Platform", }, { status: "affected", version: "Snapdragon 665 Mobile Platform", }, { status: "affected", version: "Snapdragon 670 Mobile Platform", }, { status: "affected", version: "Snapdragon 675 Mobile Platform", }, { status: "affected", version: "Snapdragon 678 Mobile Platform (SM6150-AC)", }, { status: "affected", version: "Snapdragon 680 4G Mobile Platform", }, { status: "affected", version: "Snapdragon 685 4G Mobile Platform (SM6225-AD)", }, { status: "affected", version: "Snapdragon 690 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 695 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 710 Mobile Platform", }, { status: "affected", version: "Snapdragon 712 Mobile Platform", }, { status: "affected", version: "Snapdragon 720G Mobile Platform", }, { status: "affected", version: "Snapdragon 730 Mobile Platform (SM7150-AA)", }, { status: "affected", version: "Snapdragon 730G Mobile Platform (SM7150-AB)", }, { status: "affected", version: "Snapdragon 732G Mobile Platform (SM7150-AC)", }, { status: "affected", version: "Snapdragon 750G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 765 5G Mobile Platform (SM7250-AA)", }, { status: "affected", version: "Snapdragon 765G 5G Mobile Platform (SM7250-AB)", }, { status: "affected", version: "Snapdragon 768G 5G Mobile Platform (SM7250-AC)", }, { status: "affected", version: "Snapdragon 778G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)", }, { status: "affected", version: "Snapdragon 780G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 782G Mobile Platform (SM7325-AF)", }, { status: "affected", version: "Snapdragon 7c Compute Platform (SC7180-AC)", }, { status: "affected", version: "Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) \"Rennell Pro\"", }, { status: "affected", version: "Snapdragon 7c+ Gen 3 Compute", }, { status: "affected", version: "Snapdragon 8 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 8+ Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 845 Mobile Platform", }, { status: "affected", version: "Snapdragon 850 Mobile Compute Platform", }, { status: "affected", version: "Snapdragon 855 Mobile Platform", }, { status: "affected", version: "Snapdragon 855+/860 Mobile Platform (SM8150-AC)", }, { status: "affected", version: "Snapdragon 865 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)", }, { status: "affected", version: "Snapdragon 870 5G Mobile Platform (SM8250-AC)", }, { status: "affected", version: "Snapdragon 888 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)", }, { status: "affected", version: "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\"", }, { status: "affected", version: "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\"", }, { status: "affected", version: "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)", }, { status: "affected", version: "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\"", }, { status: "affected", version: "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\"", }, { status: "affected", version: "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)", }, { status: "affected", version: "Snapdragon Auto 5G Modem-RF", }, { status: "affected", version: "Snapdragon W5+ Gen 1 Wearable Platform", }, { status: "affected", version: "Snapdragon X20 LTE Modem", }, { status: "affected", version: "Snapdragon X24 LTE Modem", }, { status: "affected", version: "Snapdragon X50 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X55 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X65 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X70 Modem-RF System", }, { status: "affected", version: "Snapdragon XR1 Platform", }, { status: "affected", version: "Snapdragon XR2 5G Platform", }, { status: "affected", version: "Snapdragon Auto 4G Modem", }, { status: "affected", version: "SW5100", }, { status: "affected", version: "SW5100P", }, { status: "affected", version: "SXR1120", }, { status: "affected", version: "SXR2130", }, { status: "affected", version: "Vision Intelligence 100 Platform (APQ8053-AA)", }, { status: "affected", version: "Vision Intelligence 200 Platform (APQ8053-AC)", }, { status: "affected", version: "Vision Intelligence 300 Platform", }, { status: "affected", version: "Vision Intelligence 400 Platform", }, { status: "affected", version: "WCD9326", }, { status: "affected", version: "WCD9335", }, { status: "affected", version: "WCD9340", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9360", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9371", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3610", }, { status: "affected", version: "WCN3615", }, { status: "affected", version: "WCN3660", }, { status: "affected", version: "WCN3660B", }, { status: "affected", version: "WCN3680", }, { status: "affected", version: "WCN3680B", }, { status: "affected", version: "WCN3910", }, { status: "affected", version: "WCN3950", }, { status: "affected", version: "WCN3980", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN3990", }, { status: "affected", version: "WCN6740", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8832", }, { status: "affected", version: "WSA8835", }, ], }, ], descriptions: [ { lang: "en", value: "Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617 Reachable Assertion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T16:27:47.469Z", orgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", shortName: "qualcomm", }, references: [ { url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, ], title: "Reachable assertion in Modem", }, }, cveMetadata: { assignerOrgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", assignerShortName: "qualcomm", cveId: "CVE-2022-40504", datePublished: "2023-05-02T07:30:18.673Z", dateReserved: "2022-09-12T09:37:28.412Z", dateUpdated: "2024-08-03T12:21:45.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21128
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 16:34
Severity ?
EPSS score ?
Summary
In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:26.043Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21128", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T16:29:19.784145Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T16:34:10.571Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21128", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T16:34:10.571Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-33305
Vulnerability from cvelistv5
Published
2023-05-02 05:08
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QCA6391 Version: QCA6574A Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCM2290 Version: QCM4290 Version: QCM4325 Version: QCM6490 Version: QCN6024 Version: QCN9024 Version: QCS2290 Version: QCS4290 Version: QCS6490 Version: SD888 Version: SDX55 Version: SDX57M Version: SG4150P Version: SM7250P Version: SM7315 Version: SM7325P Version: Smart Audio 400 Platform Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 460 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 662 Mobile Platform Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon W5+ Gen 1 Wearable Platform Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X70 Modem-RF System Version: SW5100 Version: SW5100P Version: WCD9335 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:01:20.537Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables", ], product: "Snapdragon", vendor: "Qualcomm, Inc.", versions: [ { status: "affected", version: "315 5G IoT Modem", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "CSRA6620", }, { status: "affected", version: "CSRA6640", }, { status: "affected", version: "FastConnect 6200", }, { status: "affected", version: "FastConnect 6700", }, { status: "affected", version: "FastConnect 6800", }, { status: "affected", version: "FastConnect 6900", }, { status: "affected", version: "FastConnect 7800", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA8081", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCM2290", }, { status: "affected", version: "QCM4290", }, { status: "affected", version: "QCM4325", }, { status: "affected", version: "QCM6490", }, { status: "affected", version: "QCN6024", }, { status: "affected", version: "QCN9024", }, { status: "affected", version: "QCS2290", }, { status: "affected", version: "QCS4290", }, { status: "affected", version: "QCS6490", }, { status: "affected", version: "SD888", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SDX57M", }, { status: "affected", version: "SG4150P", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "SM7315", }, { status: "affected", version: "SM7325P", }, { status: "affected", version: "Smart Audio 400 Platform", }, { status: "affected", version: "Snapdragon 4 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 460 Mobile Platform", }, { status: "affected", version: "Snapdragon 480 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)", }, { status: "affected", version: "Snapdragon 662 Mobile Platform", }, { status: "affected", version: "Snapdragon 680 4G Mobile Platform", }, { status: "affected", version: "Snapdragon 685 4G Mobile Platform (SM6225-AD)", }, { status: "affected", version: "Snapdragon 690 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 695 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 765 5G Mobile Platform (SM7250-AA)", }, { status: "affected", version: "Snapdragon 765G 5G Mobile Platform (SM7250-AB)", }, { status: "affected", version: "Snapdragon 768G 5G Mobile Platform (SM7250-AC)", }, { status: "affected", version: "Snapdragon 778G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)", }, { status: "affected", version: "Snapdragon 780G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 782G Mobile Platform (SM7325-AF)", }, { status: "affected", version: "Snapdragon 7c+ Gen 3 Compute", }, { status: "affected", version: "Snapdragon 8 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 8+ Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 865 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)", }, { status: "affected", version: "Snapdragon 870 5G Mobile Platform (SM8250-AC)", }, { status: "affected", version: "Snapdragon 888 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)", }, { status: "affected", version: "Snapdragon Auto 5G Modem-RF", }, { status: "affected", version: "Snapdragon W5+ Gen 1 Wearable Platform", }, { status: "affected", version: "Snapdragon X55 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X65 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X70 Modem-RF System", }, { status: "affected", version: "SW5100", }, { status: "affected", version: "SW5100P", }, { status: "affected", version: "WCD9335", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9360", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3910", }, { status: "affected", version: "WCN3950", }, { status: "affected", version: "WCN3980", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN6740", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8835", }, ], }, ], descriptions: [ { lang: "en", value: "Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T16:27:40.687Z", orgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", shortName: "qualcomm", }, references: [ { url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, ], title: "Null pointer dereference in Modem", }, }, cveMetadata: { assignerOrgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", assignerShortName: "qualcomm", cveId: "CVE-2022-33305", datePublished: "2023-05-02T05:08:47.586Z", dateReserved: "2022-06-14T10:44:39.616Z", dateUpdated: "2024-08-03T08:01:20.537Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46394
Vulnerability from cvelistv5
Published
2023-03-08 00:00
Modified
2025-03-05 15:11
Severity ?
EPSS score ?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:31:46.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://developer.arm.com/support/arm-security-updates", }, { tags: [ "x_transferred", ], url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-46394", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-05T15:10:18.703321Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-05T15:11:23.371Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-08T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://developer.arm.com/support/arm-security-updates", }, { url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46394", datePublished: "2023-03-08T00:00:00.000Z", dateReserved: "2022-12-04T00:00:00.000Z", dateUpdated: "2025-03-05T15:11:23.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21122
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 16:41
Severity ?
EPSS score ?
Summary
In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:26.033Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21122", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T16:41:12.321121Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T16:41:50.563Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21122", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T16:41:50.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21666
Vulnerability from cvelistv5
Published
2023-05-02 05:08
Modified
2024-08-02 09:44
Severity ?
EPSS score ?
Summary
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: 9206 LTE Modem Version: APQ8017 Version: AQT1000 Version: AR8031 Version: AR8035 Version: C-V2X 9150 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: FastConnect 6200 Version: FastConnect 6800 Version: FastConnect 6900 Version: Flight RB5 5G Platform Version: Home Hub 100 Platform Version: MDM9250 Version: MDM9628 Version: MDM9650 Version: MSM8108 Version: MSM8209 Version: MSM8608 Version: MSM8909W Version: QCA6174 Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA8337 Version: QCA9367 Version: QCA9377 Version: QCA9379 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCN9011 Version: QCN9012 Version: QCN9074 Version: QCS2290 Version: QCS410 Version: QCS4290 Version: QCS610 Version: QCS6125 Version: QCS8155 Version: QCS8250 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: Qualcomm 205 Mobile Platform Version: Qualcomm 215 Mobile Platform Version: Robotics RB3 Platform Version: Robotics RB5 Platform Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SD 675 Version: SD626 Version: SD660 Version: SD670 Version: SD675 Version: SD730 Version: SD835 Version: SD855 Version: SD865 5G Version: SDM429W Version: SDX20M Version: SDX55 Version: SM4125 Version: SM6250 Version: SM6250P Version: SM7250P Version: Smart Audio 200 Platform Version: Smart Audio 400 Platform Version: Smart Display 200 Platform (APQ5053-AA) Version: Snapdragon 1200 Wearable Platform Version: Snapdragon 208 Processor Version: Snapdragon 210 Processor Version: Snapdragon 212 Mobile Platform Version: Snapdragon 425 Mobile Platform Version: Snapdragon 429 Mobile Platform Version: Snapdragon 439 Mobile Platform Version: Snapdragon 450 Mobile Platform Version: Snapdragon 460 Mobile Platform Version: Snapdragon 625 Mobile Platform Version: Snapdragon 626 Mobile Platform Version: Snapdragon 632 Mobile Platform Version: Snapdragon 660 Mobile Platform Version: Snapdragon 662 Mobile Platform Version: Snapdragon 665 Mobile Platform Version: Snapdragon 670 Mobile Platform Version: Snapdragon 675 Mobile Platform Version: Snapdragon 678 Mobile Platform (SM6150-AC) Version: Snapdragon 680 4G Mobile Platform Version: Snapdragon 685 4G Mobile Platform (SM6225-AD) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 710 Mobile Platform Version: Snapdragon 720G Mobile Platform Version: Snapdragon 730 Mobile Platform (SM7150-AA) Version: Snapdragon 730G Mobile Platform (SM7150-AB) Version: Snapdragon 732G Mobile Platform (SM7150-AC) Version: Snapdragon 750G 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 820 Automotive Platform Version: Snapdragon 835 Mobile PC Platform Version: Snapdragon 845 Mobile Platform Version: Snapdragon 855 Mobile Platform Version: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon Wear 2100 Platform Version: Snapdragon Wear 2500 Platform Version: Snapdragon Wear 3100 Platform Version: Snapdragon Wear 4100+ Platform Version: Snapdragon X20 LTE Modem Version: Snapdragon X24 LTE Modem Version: Snapdragon X5 LTE Modem Version: Snapdragon X50 5G Modem-RF System Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon XR1 Platform Version: Snapdragon XR2 5G Platform Version: Snapdragon XR2+ Gen 1 Platform Version: Snapdragon Auto 4G Modem Version: SXR1120 Version: SXR2130 Version: Vision Intelligence 100 Platform (APQ8053-AA) Version: Vision Intelligence 200 Platform (APQ8053-AC) Version: Vision Intelligence 400 Platform Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3999 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.143Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Voice & Music", "Snapdragon Wearables", ], product: "Snapdragon", vendor: "Qualcomm, Inc.", versions: [ { status: "affected", version: "315 5G IoT Modem", }, { status: "affected", version: "9206 LTE Modem", }, { status: "affected", version: "APQ8017", }, { status: "affected", version: "AQT1000", }, { status: "affected", version: "AR8031", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "C-V2X 9150", }, { status: "affected", version: "CSRA6620", }, { status: "affected", version: "CSRA6640", }, { status: "affected", version: "CSRB31024", }, { status: "affected", version: "FastConnect 6200", }, { status: "affected", version: "FastConnect 6800", }, { status: "affected", version: "FastConnect 6900", }, { status: "affected", version: "Flight RB5 5G Platform", }, { status: "affected", version: "Home Hub 100 Platform", }, { status: "affected", version: "MDM9250", }, { status: "affected", version: "MDM9628", }, { status: "affected", version: "MDM9650", }, { status: "affected", version: "MSM8108", }, { status: "affected", version: "MSM8209", }, { status: "affected", version: "MSM8608", }, { status: "affected", version: "MSM8909W", }, { status: "affected", version: "QCA6174", }, { status: "affected", version: "QCA6174A", }, { status: "affected", version: "QCA6310", }, { status: "affected", version: "QCA6320", }, { status: "affected", version: "QCA6335", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6420", }, { status: "affected", version: "QCA6421", }, { status: "affected", version: "QCA6426", }, { status: "affected", version: "QCA6430", }, { status: "affected", version: "QCA6431", }, { status: "affected", version: "QCA6436", }, { status: "affected", version: "QCA6564", }, { status: "affected", version: "QCA6564A", }, { status: "affected", version: "QCA6564AU", }, { status: "affected", version: "QCA6574", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6574AU", }, { status: "affected", version: "QCA6595", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCA9367", }, { status: "affected", version: "QCA9377", }, { status: "affected", version: "QCA9379", }, { status: "affected", version: "QCM2290", }, { status: "affected", version: "QCM4290", }, { status: "affected", version: "QCM6125", }, { status: "affected", version: "QCN9011", }, { status: "affected", version: "QCN9012", }, { status: "affected", version: "QCN9074", }, { status: "affected", version: "QCS2290", }, { status: "affected", version: "QCS410", }, { status: "affected", version: "QCS4290", }, { status: "affected", version: "QCS610", }, { status: "affected", version: "QCS6125", }, { status: "affected", version: "QCS8155", }, { status: "affected", version: "QCS8250", }, { status: "affected", version: "QRB5165M", }, { status: "affected", version: "QRB5165N", }, { status: "affected", version: "QSM8250", }, { status: "affected", version: "Qualcomm 205 Mobile Platform", }, { status: "affected", version: "Qualcomm 215 Mobile Platform", }, { status: "affected", version: "Robotics RB3 Platform", }, { status: "affected", version: "Robotics RB5 Platform", }, { status: "affected", version: "SA6145P", }, { status: "affected", version: "SA6150P", }, { status: "affected", version: "SA6155", }, { status: "affected", version: "SA6155P", }, { status: "affected", version: "SA8145P", }, { status: "affected", version: "SA8150P", }, { status: "affected", version: "SA8155", }, { status: "affected", version: "SA8155P", }, { status: "affected", version: "SA8195P", }, { status: "affected", version: "SD 675", }, { status: "affected", version: "SD626", }, { status: "affected", version: "SD660", }, { status: "affected", version: "SD670", }, { status: "affected", version: "SD675", }, { status: "affected", version: "SD730", }, { status: "affected", version: "SD835", }, { status: "affected", version: "SD855", }, { status: "affected", version: "SD865 5G", }, { status: "affected", version: "SDM429W", }, { status: "affected", version: "SDX20M", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SM4125", }, { status: "affected", version: "SM6250", }, { status: "affected", version: "SM6250P", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "Smart Audio 200 Platform", }, { status: "affected", version: "Smart Audio 400 Platform", }, { status: "affected", version: "Smart Display 200 Platform (APQ5053-AA)", }, { status: "affected", version: "Snapdragon 1200 Wearable Platform", }, { status: "affected", version: "Snapdragon 208 Processor", }, { status: "affected", version: "Snapdragon 210 Processor", }, { status: "affected", version: "Snapdragon 212 Mobile Platform", }, { status: "affected", version: "Snapdragon 425 Mobile Platform", }, { status: "affected", version: "Snapdragon 429 Mobile Platform", }, { status: "affected", version: "Snapdragon 439 Mobile Platform", }, { status: "affected", version: "Snapdragon 450 Mobile Platform", }, { status: "affected", version: "Snapdragon 460 Mobile Platform", }, { status: "affected", version: "Snapdragon 625 Mobile Platform", }, { status: "affected", version: "Snapdragon 626 Mobile Platform", }, { status: "affected", version: "Snapdragon 632 Mobile Platform", }, { status: "affected", version: "Snapdragon 660 Mobile Platform", }, { status: "affected", version: "Snapdragon 662 Mobile Platform", }, { status: "affected", version: "Snapdragon 665 Mobile Platform", }, { status: "affected", version: "Snapdragon 670 Mobile Platform", }, { status: "affected", version: "Snapdragon 675 Mobile Platform", }, { status: "affected", version: "Snapdragon 678 Mobile Platform (SM6150-AC)", }, { status: "affected", version: "Snapdragon 680 4G Mobile Platform", }, { status: "affected", version: "Snapdragon 685 4G Mobile Platform (SM6225-AD)", }, { status: "affected", version: "Snapdragon 690 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 710 Mobile Platform", }, { status: "affected", version: "Snapdragon 720G Mobile Platform", }, { status: "affected", version: "Snapdragon 730 Mobile Platform (SM7150-AA)", }, { status: "affected", version: "Snapdragon 730G Mobile Platform (SM7150-AB)", }, { status: "affected", version: "Snapdragon 732G Mobile Platform (SM7150-AC)", }, { status: "affected", version: "Snapdragon 750G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 765 5G Mobile Platform (SM7250-AA)", }, { status: "affected", version: "Snapdragon 765G 5G Mobile Platform (SM7250-AB)", }, { status: "affected", version: "Snapdragon 768G 5G Mobile Platform (SM7250-AC)", }, { status: "affected", version: "Snapdragon 820 Automotive Platform", }, { status: "affected", version: "Snapdragon 835 Mobile PC Platform", }, { status: "affected", version: "Snapdragon 845 Mobile Platform", }, { status: "affected", version: "Snapdragon 855 Mobile Platform", }, { status: "affected", version: "Snapdragon 855+/860 Mobile Platform (SM8150-AC)", }, { status: "affected", version: "Snapdragon 865 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)", }, { status: "affected", version: "Snapdragon 870 5G Mobile Platform (SM8250-AC)", }, { status: "affected", version: "Snapdragon Auto 5G Modem-RF", }, { status: "affected", version: "Snapdragon Wear 2100 Platform", }, { status: "affected", version: "Snapdragon Wear 2500 Platform", }, { status: "affected", version: "Snapdragon Wear 3100 Platform", }, { status: "affected", version: "Snapdragon Wear 4100+ Platform", }, { status: "affected", version: "Snapdragon X20 LTE Modem", }, { status: "affected", version: "Snapdragon X24 LTE Modem", }, { status: "affected", version: "Snapdragon X5 LTE Modem", }, { status: "affected", version: "Snapdragon X50 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X55 5G Modem-RF System", }, { status: "affected", version: "Snapdragon XR1 Platform", }, { status: "affected", version: "Snapdragon XR2 5G Platform", }, { status: "affected", version: "Snapdragon XR2+ Gen 1 Platform", }, { status: "affected", version: "Snapdragon Auto 4G Modem", }, { status: "affected", version: "SXR1120", }, { status: "affected", version: "SXR2130", }, { status: "affected", version: "Vision Intelligence 100 Platform (APQ8053-AA)", }, { status: "affected", version: "Vision Intelligence 200 Platform (APQ8053-AC)", }, { status: "affected", version: "Vision Intelligence 400 Platform", }, { status: "affected", version: "WCD9326", }, { status: "affected", version: "WCD9330", }, { status: "affected", version: "WCD9335", }, { status: "affected", version: "WCD9340", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9371", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3610", }, { status: "affected", version: "WCN3615", }, { status: "affected", version: "WCN3620", }, { status: "affected", version: "WCN3660", }, { status: "affected", version: "WCN3660B", }, { status: "affected", version: "WCN3680", }, { status: "affected", version: "WCN3680B", }, { status: "affected", version: "WCN3910", }, { status: "affected", version: "WCN3950", }, { status: "affected", version: "WCN3980", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN3990", }, { status: "affected", version: "WCN3999", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8835", }, ], }, ], descriptions: [ { lang: "en", value: "Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401 Improper Release of Memory Before Removing Last Reference ('Memory Leak')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T16:28:04.919Z", orgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", shortName: "qualcomm", }, references: [ { url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, { url: "http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html", }, ], title: "Improper Release of Memory Before Removing Last Reference (`Memory Leak`) in Graphics", }, }, cveMetadata: { assignerOrgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", assignerShortName: "qualcomm", cveId: "CVE-2023-21666", datePublished: "2023-05-02T05:08:59.157Z", dateReserved: "2022-12-07T02:58:25.874Z", dateUpdated: "2024-08-02T09:44:02.143Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21108
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-239414876
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-239414876", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21108", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-08-02T09:28:25.833Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34144
Vulnerability from cvelistv5
Published
2023-05-02 05:08
Modified
2024-08-03 08:16
Severity ?
EPSS score ?
Summary
Transient DOS due to reachable assertion in Modem during OSI decode scheduling.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: 315 5G IoT Modem Version: AR8035 Version: FastConnect 6200 Version: FastConnect 6700 Version: FastConnect 6800 Version: FastConnect 6900 Version: FastConnect 7800 Version: QCA6391 Version: QCA6574A Version: QCA6574AU Version: QCA6595AU Version: QCA6696 Version: QCA6698AQ Version: QCA8081 Version: QCA8337 Version: QCM4490 Version: QCM6490 Version: QCN6024 Version: QCN9024 Version: QCS4490 Version: QCS6490 Version: SD888 Version: SDX55 Version: SDX57M Version: SM4450 Version: SM7250P Version: SM7315 Version: SM7325P Version: Snapdragon 4 Gen 1 Mobile Platform Version: Snapdragon 480 5G Mobile Platform Version: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Version: Snapdragon 690 5G Mobile Platform Version: Snapdragon 695 5G Mobile Platform Version: Snapdragon 765 5G Mobile Platform (SM7250-AA) Version: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Version: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Version: Snapdragon 778G 5G Mobile Platform Version: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Version: Snapdragon 780G 5G Mobile Platform Version: Snapdragon 782G Mobile Platform (SM7325-AF) Version: Snapdragon 7c+ Gen 3 Compute Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8+ Gen 1 Mobile Platform Version: Snapdragon 865 5G Mobile Platform Version: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Version: Snapdragon 870 5G Mobile Platform (SM8250-AC) Version: Snapdragon 888 5G Mobile Platform Version: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Version: Snapdragon Auto 5G Modem-RF Version: Snapdragon X55 5G Modem-RF System Version: Snapdragon X65 5G Modem-RF System Version: Snapdragon X70 Modem-RF System Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3950 Version: WCN3988 Version: WCN6740 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-34144", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-05T20:11:01.389113Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T20:11:11.752Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T08:16:17.003Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Industrial IOT", "Snapdragon Mobile", ], product: "Snapdragon", vendor: "Qualcomm, Inc.", versions: [ { status: "affected", version: "315 5G IoT Modem", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "FastConnect 6200", }, { status: "affected", version: "FastConnect 6700", }, { status: "affected", version: "FastConnect 6800", }, { status: "affected", version: "FastConnect 6900", }, { status: "affected", version: "FastConnect 7800", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6574AU", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA6698AQ", }, { status: "affected", version: "QCA8081", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCM4490", }, { status: "affected", version: "QCM6490", }, { status: "affected", version: "QCN6024", }, { status: "affected", version: "QCN9024", }, { status: "affected", version: "QCS4490", }, { status: "affected", version: "QCS6490", }, { status: "affected", version: "SD888", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SDX57M", }, { status: "affected", version: "SM4450", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "SM7315", }, { status: "affected", version: "SM7325P", }, { status: "affected", version: "Snapdragon 4 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 480 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)", }, { status: "affected", version: "Snapdragon 690 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 695 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 765 5G Mobile Platform (SM7250-AA)", }, { status: "affected", version: "Snapdragon 765G 5G Mobile Platform (SM7250-AB)", }, { status: "affected", version: "Snapdragon 768G 5G Mobile Platform (SM7250-AC)", }, { status: "affected", version: "Snapdragon 778G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)", }, { status: "affected", version: "Snapdragon 780G 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 782G Mobile Platform (SM7325-AF)", }, { status: "affected", version: "Snapdragon 7c+ Gen 3 Compute", }, { status: "affected", version: "Snapdragon 8 Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 8+ Gen 1 Mobile Platform", }, { status: "affected", version: "Snapdragon 865 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)", }, { status: "affected", version: "Snapdragon 870 5G Mobile Platform (SM8250-AC)", }, { status: "affected", version: "Snapdragon 888 5G Mobile Platform", }, { status: "affected", version: "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)", }, { status: "affected", version: "Snapdragon Auto 5G Modem-RF", }, { status: "affected", version: "Snapdragon X55 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X65 5G Modem-RF System", }, { status: "affected", version: "Snapdragon X70 Modem-RF System", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9360", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3950", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN6740", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8832", }, { status: "affected", version: "WSA8835", }, ], }, ], descriptions: [ { lang: "en", value: "Transient DOS due to reachable assertion in Modem during OSI decode scheduling.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617 Reachable Assertion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T16:27:44.073Z", orgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", shortName: "qualcomm", }, references: [ { url: "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", }, ], title: "Reachable assertion in Modem", }, }, cveMetadata: { assignerOrgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", assignerShortName: "qualcomm", cveId: "CVE-2022-34144", datePublished: "2023-05-02T05:08:49.075Z", dateReserved: "2022-06-20T05:51:02.535Z", dateUpdated: "2024-08-03T08:16:17.003Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20694
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:33
Severity ?
EPSS score ?
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.774Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20694", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:31:37.322913Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:33:03.006Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6789, MT6853, MT6855, MT6873, MT6879, MT6880, MT6885, MT6890, MT6895, MT6983, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 19.07, 21.02", }, ], }, ], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20694", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:33:03.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21102
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 18:05
Severity ?
EPSS score ?
Summary
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-05-01", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-21102", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T18:04:09.430814Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T18:05:15.502Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android kernel", }, ], }, ], descriptions: [ { lang: "en", value: "In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-05-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21102", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-11-03T00:00:00.000Z", dateUpdated: "2025-01-24T18:05:15.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47488
Vulnerability from cvelistv5
Published
2023-05-09 01:20
Modified
2025-01-28 21:22
Severity ?
EPSS score ?
Summary
In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12/Android13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:55:08.168Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-47488", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T21:22:39.240813Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T21:22:47.103Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", vendor: "Unisoc (Shanghai) Technologies Co., Ltd.", versions: [ { status: "affected", version: "Android10/Android11/Android12/Android13", }, ], }, ], descriptions: [ { lang: "en", value: "In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.", }, ], providerMetadata: { dateUpdated: "2023-05-09T01:20:34.945Z", orgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", shortName: "Unisoc", }, references: [ { url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], }, }, cveMetadata: { assignerOrgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", assignerShortName: "Unisoc", cveId: "CVE-2022-47488", datePublished: "2023-05-09T01:20:34.945Z", dateReserved: "2022-12-15T08:22:03.072Z", dateUpdated: "2025-01-28T21:22:47.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21512
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-11-07 18:28
Severity ?
EPSS score ?
Summary
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Version: Android 11, 12, 13 < SMR Jun-2023 Release 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.254Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21512", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T18:28:17.860572Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T18:28:28.976Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { lessThan: "SMR Jun-2023 Release 1", status: "affected", version: "Android 11, 12, 13", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-28T00:00:00", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06", }, ], source: { discovery: "UNKNOWN", }, }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-21512", datePublished: "2023-06-28T00:00:00", dateReserved: "2022-11-14T00:00:00", dateUpdated: "2024-11-07T18:28:28.976Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47486
Vulnerability from cvelistv5
Published
2023-05-09 01:20
Modified
2025-01-28 20:43
Severity ?
EPSS score ?
Summary
In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:55:08.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-47486", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T20:43:07.010627Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:43:10.921Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", vendor: "Unisoc (Shanghai) Technologies Co., Ltd.", versions: [ { status: "affected", version: "Android10/Android11", }, ], }, ], descriptions: [ { lang: "en", value: "In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.", }, ], providerMetadata: { dateUpdated: "2023-05-09T01:20:32.680Z", orgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", shortName: "Unisoc", }, references: [ { url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], }, }, cveMetadata: { assignerOrgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", assignerShortName: "Unisoc", cveId: "CVE-2022-47486", datePublished: "2023-05-09T01:20:32.680Z", dateReserved: "2022-12-15T08:22:03.072Z", dateUpdated: "2025-01-28T20:43:10.921Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21095
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:57
Severity ?
EPSS score ?
Summary
In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:26.060Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21095", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:57:38.551438Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-18T18:57:59.657Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21095", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:57:59.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21513
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-12-05 15:34
Severity ?
EPSS score ?
Summary
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Version: Android 11, 12, 13 < SMR Jun-2023 Release 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.091Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21513", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-05T15:33:11.036335Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-05T15:34:18.506Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { lessThan: "SMR Jun-2023 Release 1", status: "affected", version: "Android 11, 12, 13", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-28T00:00:00", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06", }, ], source: { discovery: "UNKNOWN", }, }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-21513", datePublished: "2023-06-28T00:00:00", dateReserved: "2022-11-14T00:00:00", dateUpdated: "2024-12-05T15:34:18.506Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21126
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 16:37
Severity ?
EPSS score ?
Summary
In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21126", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T16:36:43.310908Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T16:37:36.327Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21126", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T16:37:36.327Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21105
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:55
Severity ?
EPSS score ?
Summary
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21105", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:53:18.006484Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:55:43.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21105", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:55:43.731Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0877
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 16:28
Severity ?
EPSS score ?
Summary
Product: AndroidVersions: Android SoCAndroid ID: A-273754094
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.323Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-05-01", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-0877", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T16:28:52.674372Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T16:28:58.095Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android SoC", }, ], }, ], descriptions: [ { lang: "en", value: "Product: AndroidVersions: Android SoCAndroid ID: A-273754094", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-05-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0877", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2020-11-06T00:00:00.000Z", dateUpdated: "2025-01-24T16:28:58.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46396
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2025-02-11 17:33
Severity ?
EPSS score ?
Summary
An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:31:46.328Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-46396", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T17:33:29.500474Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T17:33:34.683Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-11T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46396", datePublished: "2023-04-11T00:00:00.000Z", dateReserved: "2022-12-04T00:00:00.000Z", dateUpdated: "2025-02-11T17:33:34.683Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47487
Vulnerability from cvelistv5
Published
2023-05-09 01:20
Modified
2025-01-28 21:24
Severity ?
EPSS score ?
Summary
In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unisoc (Shanghai) Technologies Co., Ltd. | SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000 |
Version: Android10/Android11/Android12/Android13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:55:08.027Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-47487", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T21:24:03.444097Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T21:24:18.263Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000", vendor: "Unisoc (Shanghai) Technologies Co., Ltd.", versions: [ { status: "affected", version: "Android10/Android11/Android12/Android13", }, ], }, ], descriptions: [ { lang: "en", value: "In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges.", }, ], providerMetadata: { dateUpdated: "2023-05-09T01:20:33.753Z", orgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", shortName: "Unisoc", }, references: [ { url: "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761", }, ], }, }, cveMetadata: { assignerOrgId: "63f92e9c-2193-4c24-98a9-93640392c3d3", assignerShortName: "Unisoc", cveId: "CVE-2022-47487", datePublished: "2023-05-09T01:20:33.753Z", dateReserved: "2022-12-15T08:22:03.072Z", dateUpdated: "2025-01-28T21:24:18.263Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.