#VU80356 Buffer overflow in Qualcomm products - CVE-2023-28562
Published: September 4, 2023
Vulnerability identifier: #VU80356
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-28562
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AQT1000
FastConnect 6200
FastConnect 6800
QCA6391
QCA6420
QCA6430
QCN7606
QCS410
QCS610
SC8180X+SDX55
SD460
SD662
SM4125
SM6250
SM6250P
SM7250P
Snapdragon 460 Mobile Platform
Snapdragon 480 5G Mobile Platform
Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Snapdragon 662 Mobile Platform
Snapdragon 675 Mobile Platform
Snapdragon 678 Mobile Platform (SM6150-AC)
Snapdragon 690 5G Mobile Platform
Snapdragon 695 5G Mobile Platform
Snapdragon 720G Mobile Platform
Snapdragon 730 Mobile Platform (SM7150-AA)
Snapdragon 730G Mobile Platform (SM7150-AB)
Snapdragon 732G Mobile Platform (SM7150-AC)
Snapdragon 750G 5G Mobile Platform
Snapdragon 765 5G Mobile Platform (SM7250-AA)
Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Snapdragon 855 Mobile Platform
Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite"
Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite"
Snapdragon 8cx Compute Platform (SC8180X-AA
AB)
Snapdragon 8cx Compute Platform (SC8180XP-AC
AF) "Poipu Pro"
Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC
Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA
Snapdragon X50 5G Modem-RF System
Snapdragon X55 5G Modem-RF System
Vision Intelligence 400 Platform
WCD9326
WCD9335
WCD9340
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3990
WSA8810
WSA8815
WSA8830
WSA8835
SD730
SD855
SDX55
AQT1000
FastConnect 6200
FastConnect 6800
QCA6391
QCA6420
QCA6430
QCN7606
QCS410
QCS610
SC8180X+SDX55
SD460
SD662
SM4125
SM6250
SM6250P
SM7250P
Snapdragon 460 Mobile Platform
Snapdragon 480 5G Mobile Platform
Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Snapdragon 662 Mobile Platform
Snapdragon 675 Mobile Platform
Snapdragon 678 Mobile Platform (SM6150-AC)
Snapdragon 690 5G Mobile Platform
Snapdragon 695 5G Mobile Platform
Snapdragon 720G Mobile Platform
Snapdragon 730 Mobile Platform (SM7150-AA)
Snapdragon 730G Mobile Platform (SM7150-AB)
Snapdragon 732G Mobile Platform (SM7150-AC)
Snapdragon 750G 5G Mobile Platform
Snapdragon 765 5G Mobile Platform (SM7250-AA)
Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Snapdragon 855 Mobile Platform
Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite"
Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite"
Snapdragon 8cx Compute Platform (SC8180X-AA
AB)
Snapdragon 8cx Compute Platform (SC8180XP-AC
AF) "Poipu Pro"
Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC
Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA
Snapdragon X50 5G Modem-RF System
Snapdragon X55 5G Modem-RF System
Vision Intelligence 400 Platform
WCD9326
WCD9335
WCD9340
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3990
WSA8810
WSA8815
WSA8830
WSA8835
SD730
SD855
SDX55
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in QESL. A remote attacker can execute arbitrary code.
Remediation
Install security update from vendor's website.