Integer overflow in Qualcomm products - CVE-2023-43545
Published: June 4, 2024
Vulnerability identifier: #VU91035
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-43545
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AR8035
FastConnect 7800
QCA6554A
QCA6564AU
QCA6574
QCA6574A
QCA6584AU
QCA6595
QCA6595AU
QCA6696
QCA8081
QCA8337
QCC2073
QCC2076
QCC710
QCN6224
QCN6274
QFW7114
QFW7124
SD660
Snapdragon 660 Mobile Platform
Snapdragon X75 5G Modem-RF System
WCD9335
WCD9340
WCD9341
WCN3980
WCN3990
QCA6574AU
AR8035
FastConnect 7800
QCA6554A
QCA6564AU
QCA6574
QCA6574A
QCA6584AU
QCA6595
QCA6595AU
QCA6696
QCA8081
QCA8337
QCC2073
QCC2076
QCC710
QCN6224
QCN6274
QFW7114
QFW7124
SD660
Snapdragon 660 Mobile Platform
Snapdragon X75 5G Modem-RF System
WCD9335
WCD9340
WCD9341
WCN3980
WCN3990
QCA6574AU
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN HOST. A local privileged application can execute arbitrary code.
Remediation
Install security update from vendor's website.