CVE-2023-28581

Summary

Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonFastConnect 6800affected
Qualcomm, Inc.SnapdragonFastConnect 6900affected
Qualcomm, Inc.SnapdragonFastConnect 7800affected
Qualcomm, Inc.SnapdragonQCA6391affected
Qualcomm, Inc.SnapdragonQCA6426affected
Qualcomm, Inc.SnapdragonQCA6436affected
Qualcomm, Inc.SnapdragonSD 8 Gen1 5Gaffected
Qualcomm, Inc.SnapdragonSD865 5Gaffected
Qualcomm, Inc.SnapdragonSnapdragon 8 Gen 1 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 865 5G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 865+ 5G Mobile Platform (SM8250-AB)affected
Qualcomm, Inc.SnapdragonSnapdragon 870 5G Mobile Platform (SM8250-AC)affected
Qualcomm, Inc.SnapdragonSnapdragon AR2 Gen 1 Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon XR2 5G Platformaffected
Qualcomm, Inc.SnapdragonSSG2115Paffected
Qualcomm, Inc.SnapdragonSSG2125Paffected
Qualcomm, Inc.SnapdragonSXR1230Paffected
Qualcomm, Inc.SnapdragonSXR2230Paffected
Qualcomm, Inc.SnapdragonWCD9380affected
Qualcomm, Inc.SnapdragonWCD9385affected
Qualcomm, Inc.SnapdragonWCN6740affected
Qualcomm, Inc.SnapdragonWSA8810affected
Qualcomm, Inc.SnapdragonWSA8815affected
Qualcomm, Inc.SnapdragonWSA8830affected
Qualcomm, Inc.SnapdragonWSA8832affected
Qualcomm, Inc.SnapdragonWSA8835affected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References