Vulnerability Details : CVE-2023-33058
Information disclosure in Modem while processing SIB5.
Vulnerability category: Information leak
Products affected by CVE-2023-33058
- cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcc710_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_x70_modem-rf_system_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcm4490_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcs4490_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_8\+_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn6274_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qfw7114_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qfw7124_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_4_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33058
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33058
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
3.9
|
5.2
|
NIST | 2024-02-09 |
8.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
3.9
|
4.2
|
Qualcomm, Inc. | 2024-02-06 |
CWE ids for CVE-2023-33058
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
-
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.Assigned by: product-security@qualcomm.com (Secondary)
References for CVE-2023-33058
-
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin
Security Bulletins | Qualcomm DocumentationVendor Advisory
Jump to