Vulnerability
sysops

Hackers exploit Qualcomm’s security flaws to gain unauthorized access, execute malicious code, or potentially compromise data integrity and the system. 

Vulnerabilities present on Qualcomm’s popular chipsets and modems are desirable to hackers intending to breach devices ranging from smartphones to IoT devices. 

By exploiting such vulnerabilities, attackers can evade security protocols via multiple malicious acts, which indicates an immediate response from Qualcomm.

Vulnerabilities Detected

Here below, we have mentioned all the vulnerabilities detected:-

CVE ID: CVE-2024-21473

Title: Improper Input Validation in WIN SON

Description: Memory corruption while redirecting log file to any file location with any file name.

CVSS Rating: Critical

CVSS Score: 9.8

CVE ID: CVE-2023-28547

Title: Buffer Copy Without Checking Size of Input in SPS Applications

Description: Memory corruption in SPS Application while requesting for public key in sorter TA.

CVSS Rating: High

CVSS Score: 8.4

CVE ID: CVE-2023-33023

Title: Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in SPS-Applications

Description: Memory corruption while processing the finish_sign command to pass a rsp buffer.

CVSS Rating: High

CVSS Score: 8.4

CVE ID: CVE-2023-33099

Title: Improper Input Validation in Multi-Mode Call Processor

Description: Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.

CVSS Rating: High

CVSS Score: 7.5

CVE ID: CVE-2023-33100

Title: Improper input validation in Multi-Mode Call Processor

Description: Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.

CVSS Rating: High

CVSS Score: 7.5

CVE ID: CVE-2023-33101

Title: Incorrect Type Conversion or Cast in Multi-Mode Call Processor

Description: Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

CVSS Rating: High

CVSS Score: 7.5

CVE ID: CVE-2023-33115

Title: Buffer Over-read in Trusted Execution Environment

Description: Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.

CVSS Rating: High

CVSS Score: 7.8

CVE ID: CVE-2024-21452

Title: Improper Input Validation in Automotive Telematics

Description: Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.

CVSS Rating: High

CVSS Score: 7.3

CVE ID: CVE-2024-21453

Title: Improper Input Validation in Automotive Telematics

Description: Transient DOS while decoding message of size that exceeds the available system memory.

CVSS Rating: High

CVSS Score: 7.5

CVE ID: CVE-2024-21454

Title: Integer Overflow to Buffer Overflow in Automotive Telematics

Description: Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.

CVSS Rating: High

CVSS Score: 7.5

CVE ID: CVE-2024-21463

Title: Buffer Copy Without Checking Size of Input in Audio

Description: Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

CVSS Rating: High

CVSS Score: 7.3

CVE ID: CVE-2024-21470

Title: Integer Overflow to Buffer Overflow in Graphics Windows

Description: Memory corruption while allocating memory for graphics.

CVSS Rating: High

CVSS Score: 8.4

Open Source Software Vulnerabilities

Here below we have mentioned all the open-source software vulnerabilities:-

CVE ID: CVE-2024-21468

Title: Use After Free in Kernel

Description: Memory corruption when there is failed unmap operation in GPU.

CVSS Rating: High

CVSS Score: 8.4

CVE ID: CVE-2024-21472

Title: Use After Free in Kernel

Description: Memory corruption in Kernel while handling GPU operations.

CVSS Rating: High

CVSS Score: 8.4

CVE ID: CVE-2023-33111

Title: Improper Validation of Array Index in Audio

Description: Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.

CVSS Rating: Medium

CVSS Score: 5.5

CVE ID: CVE-2023-43515

Title: Buffer copy without checking size of input (Classic buffer overflow) in HLOS

Description: Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.

CVSS Rating: Medium

CVSS Score: 6.6

The vulnerability ratings of Android security bulletins are typically based on familiar patterns but could differ as a result of some cases where SELinux protections are bypassed on some platforms or when other experts may have a different understanding of local denial of service attacks or kernel privilege escalation vulnerabilities.

These complications show how security risks can be assessed in various Android implementations.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Related Posts

A new AI tool named Vulnhuntr has been introduced, revolutionizing the way vulnerabilities are discovered in open-source projects. This innovative…

Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and…

Google has addressed a critical zero-day vulnerability in its Chrome browser, identified as CVE-2024-7965. This high-severity flaw, which affects versions…