Vulnerability Details : CVE-2023-33034
Memory corruption while parsing the ADSP response command.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-33034
- cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm7325_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm4375_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:apq5053-aa_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm4350-ac_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm7325-ae_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm7350-ab_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm7325-af_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm8350-ac_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:flight_rb5_5g_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qualcomm_video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:robotics_rb5_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qualcomm_video_collaboration_vc1_platform_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33034
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 13 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33034
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
Qualcomm, Inc. |
CWE ids for CVE-2023-33034
-
The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.Assigned by: product-security@qualcomm.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-33034
-
https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin
Security Bulletins | Qualcomm DocumentationPatch;Vendor Advisory
Jump to