Qualcomm Multiple Chipsets added to CISA Known Exploited Catalog - 20231206001
Overview
CISA has added multiple CVEs relating to Qualcomm chipsets to its Known Exploited Vulnerabilities catalog. CISA has noted that these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
What is the vulnerability?
CVE ID | CVSS Score | Overview | Affected Products | Vendor Bulletin |
---|---|---|---|---|
CVE-2023-33106 | TBD | Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | See CVE Link | Vendor Bulletin |
CVE-2023-33063 | TBD | Memory corruption in DSP Services during a remote call from HLOS to DSP. | See CVE Link | Vendor Bulletin |
CVE-2023-33107 | TBD | Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | See CVE Link | Vendor Bulletin |
CVE-2023-22071 | 7.8 | Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | See CVE Link | Vendor Bulletin |
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 Hours... (refer to Patch Management)