Qualcomm Security Flaws Let Attackers Takeover The Devices

Hackers exploit Qualcomm’s security flaws to construct unauthorized gain admission to, develop malicious code, or doubtlessly compromise recordsdata integrity and the diagram.

Vulnerabilities fresh on Qualcomm’s current chipsets and modems are shapely to hackers meaning to breach devices ranging from smartphones to IoT devices.

By exploiting such vulnerabilities, attackers can evade security protocols by extra than one malicious acts, which signifies an instantaneous response from Qualcomm.

Vulnerabilities Detected

Right here below, we’ve talked about the total vulnerabilities detected:-

• CVE ID: CVE-2024-21473
• Title: Pass Enter Validation in WIN SON
• Description: Reminiscence corruption whereas redirecting log file to any file space with any file name.
• CVSS Ranking: Critical
• CVSS Ranking: 9.8

• CVE ID: CVE-2023-28547
• Title: Buffer Copy Without Checking Dimension of Enter in SPS Functions
• Description: Reminiscence corruption in SPS Utility whereas requesting for public key in sorter TA.
• CVSS Ranking: High
• CVSS Ranking: 8.4

• CVE ID: CVE-2023-33023
• Title: Buffer Copy with out Checking Dimension of Enter (`Traditional Buffer Overflow`) in SPS-Functions
• Description: Reminiscence corruption whereas processing the finish_sign repeat to pass a rsp buffer.
• CVSS Ranking: High
• CVSS Ranking: 8.4

• CVE ID: CVE-2023-33099
• Title: Pass Enter Validation in Multi-Mode Name Processor
• Description: Transient DOS whereas processing SMS container of non-long-established dimension obtained in DL NAS transport in NR.
• CVSS Ranking: High
• CVSS Ranking: 7.5

• CVE ID: CVE-2023-33100
• Title: Pass enter validation in Multi-Mode Name Processor
• Description: Transient DOS whereas processing DL NAS Transport message when message ID is now not outlined within the 3GPP specification.
• CVSS Ranking: High
• CVSS Ranking: 7.5

• CVE ID: CVE-2023-33101
• Title: Unsuitable Form Conversion or Forged in Multi-Mode Name Processor
• Description: Transient DOS whereas processing DL NAS TRANSPORT message with payload dimension 0.
• CVSS Ranking: High
• CVSS Ranking: 7.5

• CVE ID: CVE-2023-33115
• Title: Buffer Over-read in Trusted Execution Setting
• Description: Reminiscence corruption whereas processing buffer initialization, when relied on yarn for sure yarn forms are generated.
• CVSS Ranking: High
• CVSS Ranking: 7.8

• CVE ID: CVE-2024-21452
• Title: Pass Enter Validation in Automotive Telematics
• Description: Transient DOS whereas decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.
• CVSS Ranking: High
• CVSS Ranking: 7.3

• CVE ID: CVE-2024-21453
• Title: Pass Enter Validation in Automotive Telematics
• Description: Transient DOS whereas decoding message of dimension that exceeds the readily available diagram memory.
• CVSS Ranking: High
• CVSS Ranking: 7.5

• CVE ID: CVE-2024-21454
• Title: Integer Overflow to Buffer Overflow in Automotive Telematics
• Description: Transient DOS whereas decoding the ToBeSignedMessage in Automotive Telematics.
• CVSS Ranking: High
• CVSS Ranking: 7.5

• CVE ID: CVE-2024-21463
• Title: Buffer Copy Without Checking Dimension of Enter in Audio
• Description: Reminiscence corruption whereas processing Codec2 in the end of v13k decoder pitch synthesis.
• CVSS Ranking: High
• CVSS Ranking: 7.3

• CVE ID: CVE-2024-21470
• Title: Integer Overflow to Buffer Overflow in Graphics Windows
• Description: Reminiscence corruption whereas allocating memory for graphics.
• CVSS Ranking: High
• CVSS Ranking: 8.4

Commence Offer System Vulnerabilities

Right here below we’ve talked about the total open-source diagram vulnerabilities:-

• CVE ID: CVE-2024-21468
• Title: Exercise After Free in Kernel
• Description: Reminiscence corruption when there is failed unmap operation in GPU.
• CVSS Ranking: High
• CVSS Ranking: 8.4

• CVE ID: CVE-2024-21472
• Title: Exercise After Free in Kernel
• Description: Reminiscence corruption in Kernel whereas handling GPU operations.
• CVSS Ranking: High
• CVSS Ranking: 8.4

• CVE ID: CVE-2023-33111
• Title: Pass Validation of Array Index in Audio
• Description: Recordsdata disclosure when VI calibration reveal problem by ADSP is greater than MAX_FBSP_STATE within the response payload to AFE calibration repeat.
• CVSS Ranking: Medium
• CVSS Ranking: 5.5

• CVE ID: CVE-2023-43515
• Title: Buffer copy with out checking dimension of enter (Traditional buffer overflow) in HLOS
• Description: Reminiscence corruption in HLOS whereas working kernel handle sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.
• CVSS Ranking: Medium
• CVSS Ranking: 6.6

The vulnerability ratings of Android security bulletins are generally per familiar patterns but would possibly perchance well fluctuate as a results of some cases the set SELinux protections are bypassed on some platforms or when other consultants would possibly perchance well desire a completely different understanding of local denial of provider attacks or kernel privilege escalation vulnerabilities.

These concerns repeat how security risks would possibly perchance well moreover be assessed in diverse Android implementations.

Defend updated on Cybersecurity recordsdata, Whitepapers, and Infographics. Notice us on LinkedIn & Twitter.