CVE-2023-43513 — Use of Out-of-range Pointer Offset in INC Snapdragon

CWE-823 — Use of Out-of-range Pointer Offset CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 83.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedFeb 6

Description

Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon267 versions+266

🔴Vulnerability Details

GHSA

GHSA-pg26-49x3-7h59: Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may poin↗2024-02-06

▶

📋Vendor Advisories

Android

CVE-2023-43513: Kernel↗2024-02-01

▶