8.4

CVE-2023-43517

Memory corruption in Automotive Multimedia due to improper access control in HAB.

Data is provided by the National Vulnerability Database (NVD)
QualcommQam8255p Firmware Version-
   QualcommQam8255p Version-
QualcommQam8295p Firmware Version-
   QualcommQam8295p Version-
QualcommQam8650p Firmware Version-
   QualcommQam8650p Version-
QualcommQam8775p Firmware Version-
   QualcommQam8775p Version-
QualcommQamsrv1h Firmware Version-
   QualcommQamsrv1h Version-
QualcommQamsrv1m Firmware Version-
   QualcommQamsrv1m Version-
QualcommQca6574au Firmware Version-
   QualcommQca6574au Version-
QualcommQca6595 Firmware Version-
   QualcommQca6595 Version-
QualcommQca6696 Firmware Version-
   QualcommQca6696 Version-
QualcommQca6698aq Firmware Version-
   QualcommQca6698aq Version-
QualcommSa8255p Firmware Version-
   QualcommSa8255p Version-
QualcommSa8295p Firmware Version-
   QualcommSa8295p Version-
QualcommSa8540p Firmware Version-
   QualcommSa8540p Version-
QualcommSa8650p Firmware Version-
   QualcommSa8650p Version-
QualcommSa8770p Firmware Version-
   QualcommSa8770p Version-
QualcommSa8775p Firmware Version-
   QualcommSa8775p Version-
QualcommSa9000p Firmware Version-
   QualcommSa9000p Version-
QualcommSrv1h Firmware Version-
   QualcommSrv1h Version-
QualcommSrv1m Firmware Version-
   QualcommSrv1m Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.142
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.