SB2023020701 - Multiple vulnerabilities in Qualcomm chipsets




Published: February 7, 2023

Security Bulletin ID: SB2023020701
Severity: High
Patch available: YES
Number of vulnerabilities: 27
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 30% Medium 33% Low 37%

Description

This security bulletin contains information about 27 security vulnerabilities.


1) Buffer over-read (CVE-ID: CVE-2022-25738)

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in MODEM. A remote attacker can read and manipulate data.


2) Access of Uninitialized Pointer (CVE-ID: CVE-2022-33280)

The vulnerability allows an attacker to read and manipulate data.

The vulnerability exists due to improper input validation in the Bluetooth HOST. An attacker with physical proximity to the device can trigger memory corruption by sending a specially crafted AVRCP packet and read or manipulate data.


3) Improper Access Control (CVE-ID: CVE-2022-33243)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Qualcomm IPC. A local application can execute arbitrary code.


4) Resource exhaustion (CVE-ID: CVE-2022-40513)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.


5) Buffer over-read (CVE-ID: CVE-2022-40512)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.


6) Improper Input Validation (CVE-ID: CVE-2022-40502)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.


7) Improper Input Validation (CVE-ID: CVE-2022-34146)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.


8) Buffer over-read (CVE-ID: CVE-2022-34145)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.


9) Buffer over-read (CVE-ID: CVE-2022-33306)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.


10) Buffer overflow (CVE-ID: CVE-2022-33277)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in modem. A local application can execute arbitrary code.


11) Buffer over-read (CVE-ID: CVE-2022-33271)

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.


12) Buffer over-read (CVE-ID: CVE-2022-33229)

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Modem. A remote attacker can read and manipulate data.


13) Buffer over-read (CVE-ID: CVE-2022-33221)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Trusted Execution Environment. A local application can read and manipulate data.


14) NULL Pointer Dereference (CVE-ID: CVE-2022-25735)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in MODEM. A remote attacker can perform a denial of service (DoS) attack.


15) Stack-based buffer overflow (CVE-ID: CVE-2022-33279)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can execute arbitrary code.


16) Loop with Unreachable Exit Condition ('Infinite Loop') (CVE-ID: CVE-2022-25734)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in MODEM. A remote attacker can perform a denial of service (DoS) attack.


17) NULL Pointer Dereference (CVE-ID: CVE-2022-25733)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in MODEM. A remote attacker can perform a denial of service (DoS) attack.


18) Buffer over-read (CVE-ID: CVE-2022-25732)

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in MODEM. A remote attacker can read and manipulate data.


19) Buffer over-read (CVE-ID: CVE-2022-25728)

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in MODEM. A remote attacker can read and manipulate data.


20) Buffer overflow (CVE-ID: CVE-2022-40514)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can execute arbitrary code.


21) Buffer overflow (CVE-ID: CVE-2022-33232)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Hypervisor. A local application can execute arbitrary code.


22) Improper Input Validation (CVE-ID: CVE-2022-25729)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in MODEM. A remote attacker can execute arbitrary code.


23) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2022-33246)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Audio. A local privileged application can execute arbitrary code.


24) Use After Free (CVE-ID: CVE-2022-33225)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Trusted Application Environment. A local privileged application can execute arbitrary code.


25) Integer overflow (CVE-ID: CVE-2022-33248)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in User Identity Module. A local application can execute arbitrary code.


26) Configuration (CVE-ID: CVE-2022-33233)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in modem. A local application can execute arbitrary code.


27) Improper Input Validation (CVE-ID: CVE-2022-33216)

The vulnerability allows a local privileged application to crash the entire system.

The vulnerability exists due to improper input validation in Automotive. A local privileged application can crash the entire system.


Remediation

Install the update from the vendor's website.