CVE-2023-33025

Summary

Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonAR8035affected
Qualcomm, Inc.SnapdragonFastConnect 6700affected
Qualcomm, Inc.SnapdragonFastConnect 6900affected
Qualcomm, Inc.SnapdragonQCA8081affected
Qualcomm, Inc.SnapdragonQCA8337affected
Qualcomm, Inc.SnapdragonQCM4490affected
Qualcomm, Inc.SnapdragonQCN6024affected
Qualcomm, Inc.SnapdragonQCN9024affected
Qualcomm, Inc.SnapdragonQCS4490affected
Qualcomm, Inc.SnapdragonSM4450affected
Qualcomm, Inc.SnapdragonSnapdragon 680 4G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 685 4G Mobile Platform (SM6225-AD)affected
Qualcomm, Inc.SnapdragonSnapdragon X65 5G Modem-RF Systemaffected
Qualcomm, Inc.SnapdragonSnapdragon X70 Modem-RF Systemaffected
Qualcomm, Inc.SnapdragonWCD9370affected
Qualcomm, Inc.SnapdragonWCD9375affected
Qualcomm, Inc.SnapdragonWCD9380affected
Qualcomm, Inc.SnapdragonWCN3950affected
Qualcomm, Inc.SnapdragonWCN3988affected
Qualcomm, Inc.SnapdragonWSA8810affected
Qualcomm, Inc.SnapdragonWSA8815affected
Qualcomm, Inc.SnapdragonWSA8830affected
Qualcomm, Inc.SnapdragonWSA8832affected
Qualcomm, Inc.SnapdragonWSA8835affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References