#VU80361 Reachable Assertion in Qualcomm Mobile applications


Published: 2023-09-04

Vulnerability identifier: #VU80361

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21653

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AR8035
Mobile applications / Mobile firmware & hardware
QCA8081
Mobile applications / Mobile firmware & hardware
QCA8337
Mobile applications / Mobile firmware & hardware
QCN6024
Mobile applications / Mobile firmware & hardware
QCN9024
Mobile applications / Mobile firmware & hardware
SDX65
Mobile applications / Mobile firmware & hardware
SDX70M
Mobile applications / Mobile firmware & hardware
WCD9380
Mobile applications / Mobile firmware & hardware
WCN6855
Mobile applications / Mobile firmware & hardware
WCN6856
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

AR8035: All versions

QCA8081: All versions

QCA8337: All versions

QCN6024: All versions

QCN9024: All versions

SDX65: All versions

SDX70M: All versions

WCD9380: All versions

WCN6855: All versions

WCN6856: All versions

External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/september-2023-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Google Android
Multiple vulnerabilities in Qualcomm chipsets