CVE-2023-33071

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-33071

8.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

M

emory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.

References
Link Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Patch Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8 		v2 : unknown
v3 : 8.4
References () https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin - Patch, Vendor Advisory () https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin - Patch, Vendor Advisory
Information

Published : 2023-12-05 03:15

Updated : 2024-11-21 08:04

NVD link : CVE-2023-33071

Mitre link : CVE-2023-33071

CVE.ORG link : CVE-2023-33071

JSON object : View

Products Affected

qualcomm

CWE
CWE-284

Improper Access Control

CWE-863

Incorrect Authorization