BDU:2024-05880

Опубликовано: 19 дек. 2023

Источник: fstec

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Уязвимость компонента SMEM Partition Handler микропрограммного обеспечения встраиваемых плат Qualcomm связана с копированием буфера без проверки размера входных данных. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код

Вендор

Qualcomm Technologies Inc.

Наименование ПО

IPQ4019

IPQ8064

QCA9980

MDM9650

SDM429

SD 8 Gen1 5G

WCD9380

WSA8830

WSA8835

AQT1000

AR8035

CSRA6620

CSRA6640

SD730

SD 670

SD835

SD855

QCA7500

Snapdragon 429 Mobile Platform

Snapdragon 835 Mobile PC Platform

Snapdragon 855 Mobile Platform

Snapdragon 855+/860 Mobile Platform (SM8150-AC)

Snapdragon 865 5G Mobile Platform

Snapdragon 865+ 5G Mobile Platform (SM8250-AB)

Snapdragon 870 5G Mobile Platform (SM8250-AC)

Snapdragon W5+ Gen 1 Wearable Platform

Snapdragon X55 5G Modem-RF System

Snapdragon XR2 5G Platform

Snapdragon Auto 4G Modem

Snapdragon X50 5G Modem-RF System

Snapdragon 8 Gen 1 Mobile Platform

Snapdragon 888 5G Mobile Platform

Snapdragon 888+ 5G Mobile Platform (SM8350-AC)

Snapdragon 765 5G Mobile Platform (SM7250-AA)

Snapdragon 765G 5G Mobile Platform (SM7250-AB)

Snapdragon 768G 5G Mobile Platform (SM7250-AC)

Snapdragon 4 Gen 1 Mobile Platform

Snapdragon 460 Mobile Platform

Snapdragon 480 5G Mobile Platform

Snapdragon 480+ 5G Mobile Platform (SM4350-AC)

Snapdragon 662 Mobile Platform

Snapdragon 670 Mobile Platform

Snapdragon 675 Mobile Platform

Snapdragon 678 Mobile Platform (SM6150-AC)

Snapdragon 680 4G Mobile Platform

Snapdragon 685 4G Mobile Platform (SM6225-AD)

Snapdragon 690 5G Mobile Platform

Snapdragon 695 5G Mobile Platform

Snapdragon 720G Mobile Platform

Snapdragon 730 Mobile Platform (SM7150-AA)

Snapdragon 730G Mobile Platform (SM7150-AB)

Snapdragon 732G Mobile Platform (SM7150-AC)

Snapdragon 750G 5G Mobile Platform

Snapdragon 778G 5G Mobile Platform

Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)

Snapdragon 780G 5G Mobile Platform

Snapdragon 782G Mobile Platform (SM7325-AF)

Snapdragon 7c+ Gen 3 Compute Platform

Snapdragon 8+ Gen 1 Mobile Platform

Snapdragon 845 Mobile Platform

Snapdragon AR2 Gen 1 Platform

Snapdragon X24 LTE Modem

Snapdragon X65 5G Modem-RF System

Snapdragon XR2+ Gen 1 Platform

205 Mobile Platform

215 Mobile Platform

Qualcomm® Video Collaboration VC1 Platform

Qualcomm® Video Collaboration VC3 Platform

Snapdragon 8 Gen 2 Mobile Platform

Snapdragon 8+ Gen 2 Mobile Platform

Snapdragon Auto 5G Modem-RF

Snapdragon X75 5G Modem-RF System

Immersive Home 214 Platform

Immersive Home 216 Platform

Immersive Home 316 Platform

Immersive Home 318 Platform

Immersive Home 3210 Platform

Immersive Home 326 Platform

IPQ5010

IPQ5028

IPQ5332

IPQ8070A

IPQ8071A

IPQ8072A

IPQ8074A

IPQ8076

IPQ8076A

IPQ8078

IPQ8078A

IPQ8173

IPQ8174

IPQ9554

IPQ9570

QCA0000

QCA9889

QCF8000

QCF8001

QCN5024

QCN5124

QCN5154

QCN5164

QCN6112

QCN6122

QCN6132

QCN9100

SA4155P

SA8770P

SDX65M

Snapdragon X12 LTE Modem

AR9380

IPQ8065

IPQ8068

IPQ9008

IPQ9574

QCA6564AU

QCA6574

QCA6574A

QCA6574AU

QCA6584AU

QCA6678AQ

QCA9886

QCA9888

QCA9985

QCA9990

QCA9992

QCA9994

QCN5054

QCN6100

QCN6102

QCN9001

QCN9002

QCN9003

QCN9022

IPQ5302

IPQ5312

IPQ8070

FSM10055

FSM10056

PMP8074

QCN6402

QCN6412

QCN6422

QCN6432

Qualcomm® Video Collaboration VC5 Platform

Snapdragon 710 Mobile Platform

Snapdragon 8 Gen 3 Mobile Platform

Snapdragon Auto 5G Modem-RF Gen 2

Snapdragon X35 5G Modem-RF System

Snapdragon XR1 Platform

SXR1120

SA4150P

SA8775P

IPQ4018

IPQ4028

IPQ4029

QCA9880

QCA9898

FSM20055

FSM20056

IPQ5300

QAM8620P

SA7775P

SA8620P

SA8650P

SM6370

Snapdragon X62 5G Modem-RF System

Snapdragon X72 5G Modem-RF System

SRV1H

SRV1L

SRV1M

SXR2250P

TalynPlus

FastConnect 6700

FastConnect 6900

FastConnect 7800

QCS4490

QCM4490

WCD9370

WCD9390

WCD9395

WCN3950

WCN6740

WSA8810

WSA8815

WSA8832

WSA8840

WSA8845

WSA8845H

CSR8811

IPQ6000

IPQ6010

IPQ6018

IPQ6028

QAM8255P

QAM8295P

QAM8650P

QAM8775P

QAMSRV1H

QAMSRV1M

QCA4024

QCA6595

QCA6595AU

QCA6696

QCA6698AQ

QCA6797AQ

QCA8075

QCA8081

QCA8082

QCA8084

QCA8085

QCA8337

QCA8386

QCC710

QCM5430

QCM6490

QCM8550

QCN5022

QCN5052

QCN5122

QCN5152

QCN6023

QCN6024

QCN6224

QCN6274

QCN9000

QCN9012

QCN9024

QCN9070

QCN9072

QCN9074

QCN9274

QCS410

QCS5430

QCS610

QCS6490

QCS8550

QFW7114

QFW7124

SA6155P

SA7255P

SA8155P

SA8255P

SA8295P

SA9000P

SDX55

SM8550P

SXR2230P

WCD9340

WCD9341

WCD9375

WCD9385

WCN3980

WCN3988

FastConnect 6200

FastConnect 6800

Flight RB5 5G Platform

QCA6174A

QCA6391

QCA6420

QCA6426

QCA6430

QCA6436

QCM2150

QCM2290

QCM4290

QCM4325

QCM6125

QCN9011

QCS2290

QCS4290

QCS6125

QCS7230

QCS8250

QDU1000

QDU1010

QDU1110

QDU1210

QDX1010

QDX1011

QEP8111

QRB5165M

QRB5165N

QRU1032

QRU1052

QRU1062

QSM8350

Robotics RB5 Platform

SA6145P

SA6150P

SA6155

SA8145P

SA8150P

SA8155

SD865 5G

SD888

SG4150P

SG8275P

SM4125

SM6250

SM7250P

SM7315

SM7325P

Smart Audio 400 Platform

Snapdragon 4 Gen 2 Mobile Platform

SSG2115P

SSG2125P

SW5100

SW5100P

SXR1230P

SXR2130

WCD9326

WCD9335

WCN3610

WCN3615

WCN3620

WCN3660B

WCN3680

WCN3680B

WCN3910

WCN3990

QCA8072

QCA9984

APQ8064AU

CSRB31024

Snapdragon 660 Mobile Platform

Snapdragon 820 Automotive Platform

Vision Intelligence 300 Platform

Vision Intelligence 400 Platform

QCA6310

QCA6335

QCA6564A

QCA9377

MSM8996AU

QCA6320

QCA6564

Snapdragon 210 Processor

Snapdragon 212 Mobile Platform

MDM9628

QCA9367

QCN5021

Версия ПО

- (IPQ4019)

- (IPQ8064)

- (QCA9980)

- (MDM9650)

- (SDM429)

- (SD 8 Gen1 5G)

- (WCD9380)

- (WSA8830)

- (WSA8835)

- (AQT1000)

- (AR8035)

- (CSRA6620)

- (CSRA6640)

- (SD730)

- (SD 670)

- (SD835)

- (SD855)

- (QCA7500)

- (Snapdragon 429 Mobile Platform)

- (Snapdragon 835 Mobile PC Platform)

- (Snapdragon 855 Mobile Platform)

- (Snapdragon 855+/860 Mobile Platform (SM8150-AC))

- (Snapdragon 865 5G Mobile Platform)

- (Snapdragon 865+ 5G Mobile Platform (SM8250-AB))

- (Snapdragon 870 5G Mobile Platform (SM8250-AC))

- (Snapdragon W5+ Gen 1 Wearable Platform)

- (Snapdragon X55 5G Modem-RF System)

- (Snapdragon XR2 5G Platform)

- (Snapdragon Auto 4G Modem)

- (Snapdragon X50 5G Modem-RF System)

- (Snapdragon 8 Gen 1 Mobile Platform)

- (Snapdragon 888 5G Mobile Platform)

- (Snapdragon 888+ 5G Mobile Platform (SM8350-AC))

- (Snapdragon 765 5G Mobile Platform (SM7250-AA))

- (Snapdragon 765G 5G Mobile Platform (SM7250-AB))

- (Snapdragon 768G 5G Mobile Platform (SM7250-AC))

- (Snapdragon 4 Gen 1 Mobile Platform)

- (Snapdragon 460 Mobile Platform)

- (Snapdragon 480 5G Mobile Platform)

- (Snapdragon 480+ 5G Mobile Platform (SM4350-AC))

- (Snapdragon 662 Mobile Platform)

- (Snapdragon 670 Mobile Platform)

- (Snapdragon 675 Mobile Platform)

- (Snapdragon 678 Mobile Platform (SM6150-AC))

- (Snapdragon 680 4G Mobile Platform)

- (Snapdragon 685 4G Mobile Platform (SM6225-AD))

- (Snapdragon 690 5G Mobile Platform)

- (Snapdragon 695 5G Mobile Platform)

- (Snapdragon 720G Mobile Platform)

- (Snapdragon 730 Mobile Platform (SM7150-AA))

- (Snapdragon 730G Mobile Platform (SM7150-AB))

- (Snapdragon 732G Mobile Platform (SM7150-AC))

- (Snapdragon 750G 5G Mobile Platform)

- (Snapdragon 778G 5G Mobile Platform)

- (Snapdragon 778G+ 5G Mobile Platform (SM7325-AE))

- (Snapdragon 780G 5G Mobile Platform)

- (Snapdragon 782G Mobile Platform (SM7325-AF))

- (Snapdragon 7c+ Gen 3 Compute Platform)

- (Snapdragon 8+ Gen 1 Mobile Platform)

- (Snapdragon 845 Mobile Platform)

- (Snapdragon AR2 Gen 1 Platform)

- (Snapdragon X24 LTE Modem)

- (Snapdragon X65 5G Modem-RF System)

- (Snapdragon XR2+ Gen 1 Platform)

- (205 Mobile Platform)

- (215 Mobile Platform)

- (Qualcomm® Video Collaboration VC1 Platform)

- (Qualcomm® Video Collaboration VC3 Platform)

- (Snapdragon 8 Gen 2 Mobile Platform)

- (Snapdragon 8+ Gen 2 Mobile Platform)

- (Snapdragon Auto 5G Modem-RF)

- (Snapdragon X75 5G Modem-RF System)

- (Immersive Home 214 Platform)

- (Immersive Home 216 Platform)

- (Immersive Home 316 Platform)

- (Immersive Home 318 Platform)

- (Immersive Home 3210 Platform)

- (Immersive Home 326 Platform)

- (IPQ5010)

- (IPQ5028)

- (IPQ5332)

- (IPQ8070A)

- (IPQ8071A)

- (IPQ8072A)

- (IPQ8074A)

- (IPQ8076)

- (IPQ8076A)

- (IPQ8078)

- (IPQ8078A)

- (IPQ8173)

- (IPQ8174)

- (IPQ9554)

- (IPQ9570)

- (QCA0000)

- (QCA9889)

- (QCF8000)

- (QCF8001)

- (QCN5024)

- (QCN5124)

- (QCN5154)

- (QCN5164)

- (QCN6112)

- (QCN6122)

- (QCN6132)

- (QCN9100)

- (SA4155P)

- (SA8770P)

- (SDX65M)

- (Snapdragon X12 LTE Modem)

- (AR9380)

- (IPQ8065)

- (IPQ8068)

- (IPQ9008)

- (IPQ9574)

- (QCA6564AU)

- (QCA6574)

- (QCA6574A)

- (QCA6574AU)

- (QCA6584AU)

- (QCA6678AQ)

- (QCA9886)

- (QCA9888)

- (QCA9985)

- (QCA9990)

- (QCA9992)

- (QCA9994)

- (QCN5054)

- (QCN6100)

- (QCN6102)

- (QCN9001)

- (QCN9002)

- (QCN9003)

- (QCN9022)

- (IPQ5302)

- (IPQ5312)

- (IPQ8070)

- (FSM10055)

- (FSM10056)

- (PMP8074)

- (QCN6402)

- (QCN6412)

- (QCN6422)

- (QCN6432)

- (Qualcomm® Video Collaboration VC5 Platform)

- (Snapdragon 710 Mobile Platform)

- (Snapdragon 8 Gen 3 Mobile Platform)

- (Snapdragon Auto 5G Modem-RF Gen 2)

- (Snapdragon X35 5G Modem-RF System)

- (Snapdragon XR1 Platform)

- (SXR1120)

- (SA4150P)

- (SA8775P)

- (IPQ4018)

- (IPQ4028)

- (IPQ4029)

- (QCA9880)

- (QCA9898)

- (FSM20055)

- (FSM20056)

- (IPQ5300)

- (QAM8620P)

- (SA7775P)

- (SA8620P)

- (SA8650P)

- (SM6370)

- (Snapdragon X62 5G Modem-RF System)

- (Snapdragon X72 5G Modem-RF System)

- (SRV1H)

- (SRV1L)

- (SRV1M)

- (SXR2250P)

- (TalynPlus)

- (FastConnect 6700)

- (FastConnect 6900)

- (FastConnect 7800)

- (QCS4490)

- (QCM4490)

- (WCD9370)

- (WCD9390)

- (WCD9395)

- (WCN3950)

- (WCN6740)

- (WSA8810)

- (WSA8815)

- (WSA8832)

- (WSA8840)

- (WSA8845)

- (WSA8845H)

- (CSR8811)

- (IPQ6000)

- (IPQ6010)

- (IPQ6018)

- (IPQ6028)

- (QAM8255P)

- (QAM8295P)

- (QAM8650P)

- (QAM8775P)

- (QAMSRV1H)

- (QAMSRV1M)

- (QCA4024)

- (QCA6595)

- (QCA6595AU)

- (QCA6696)

- (QCA6698AQ)

- (QCA6797AQ)

- (QCA8075)

- (QCA8081)

- (QCA8082)

- (QCA8084)

- (QCA8085)

- (QCA8337)

- (QCA8386)

- (QCC710)

- (QCM5430)

- (QCM6490)

- (QCM8550)

- (QCN5022)

- (QCN5052)

- (QCN5122)

- (QCN5152)

- (QCN6023)

- (QCN6024)

- (QCN6224)

- (QCN6274)

- (QCN9000)

- (QCN9012)

- (QCN9024)

- (QCN9070)

- (QCN9072)

- (QCN9074)

- (QCN9274)

- (QCS410)

- (QCS5430)

- (QCS610)

- (QCS6490)

- (QCS8550)

- (QFW7114)

- (QFW7124)

- (SA6155P)

- (SA7255P)

- (SA8155P)

- (SA8255P)

- (SA8295P)

- (SA9000P)

- (SDX55)

- (SM8550P)

- (SXR2230P)

- (WCD9340)

- (WCD9341)

- (WCD9375)

- (WCD9385)

- (WCN3980)

- (WCN3988)

- (FastConnect 6200)

- (FastConnect 6800)

- (Flight RB5 5G Platform)

- (QCA6174A)

- (QCA6391)

- (QCA6420)

- (QCA6426)

- (QCA6430)

- (QCA6436)

- (QCM2150)

- (QCM2290)

- (QCM4290)

- (QCM4325)

- (QCM6125)

- (QCN9011)

- (QCS2290)

- (QCS4290)

- (QCS6125)

- (QCS7230)

- (QCS8250)

- (QDU1000)

- (QDU1010)

- (QDU1110)

- (QDU1210)

- (QDX1010)

- (QDX1011)

- (QEP8111)

- (QRB5165M)

- (QRB5165N)

- (QRU1032)

- (QRU1052)

- (QRU1062)

- (QSM8350)

- (Robotics RB5 Platform)

- (SA6145P)

- (SA6150P)

- (SA6155)

- (SA8145P)

- (SA8150P)

- (SA8155)

- (SD865 5G)

- (SD888)

- (SG4150P)

- (SG8275P)

- (SM4125)

- (SM6250)

- (SM7250P)

- (SM7315)

- (SM7325P)

- (Smart Audio 400 Platform)

- (Snapdragon 4 Gen 2 Mobile Platform)

- (SSG2115P)

- (SSG2125P)

- (SW5100)

- (SW5100P)

- (SXR1230P)

- (SXR2130)

- (WCD9326)

- (WCD9335)

- (WCN3610)

- (WCN3615)

- (WCN3620)

- (WCN3660B)

- (WCN3680)

- (WCN3680B)

- (WCN3910)

- (WCN3990)

- (QCA8072)

- (QCA9984)

- (APQ8064AU)

- (CSRB31024)

- (Snapdragon 660 Mobile Platform)

- (Snapdragon 820 Automotive Platform)

- (Vision Intelligence 300 Platform)

- (Vision Intelligence 400 Platform)

- (QCA6310)

- (QCA6335)

- (QCA6564A)

- (QCA9377)

- (MSM8996AU)

- (QCA6320)

- (QCA6564)

- (Snapdragon 210 Processor)

- (Snapdragon 212 Mobile Platform)

- (MDM9628)

- (QCA9367)

- (QCN5021)

Тип ПО

Микропрограммный код

Сетевое средство

Сетевое программное средство

Операционные системы и аппаратные платформы

Google Inc Android -

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)

Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7,8)

Возможные меры по устранению уязвимости

Использование рекомендаций:

Для продуктов Qualcomm Technologies, Inc.:

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html

https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/b12e1634ab1e954ecd0577e75a12a7a4f4c108d6

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-23368
CVE

EPSS

Процентиль: 30%

0.00111

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2024-23368

CVSS3: 7.8

nvd

больше 1 года назад

Memory corruption when allocating and accessing an entry in an SMEM partition.

GHSA-xx3j-5qgj-ppv5

CVSS3: 7.8

github

больше 1 года назад

Memory corruption when allocating and accessing an entry in an SMEM partition.

EPSS

Процентиль: 30%

0.00111

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2