Law enforcement will likely find it much harder to take down criminal activities on the “deepverse.”
Related Posts
FTC bans data broker from selling Americans’ location data
FTC bans data broker from selling Americans’ location data
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans’ raw location data that could be used for tracking purposes. […] Read More
BleepingComputer
Qualcomm Security Flaws Let Attackers Takeover The Devices
Qualcomm Security Flaws Let Attackers Takeover The Devices
[[{“value”:”
Hackers exploit Qualcomm’s security flaws to gain unauthorized access, execute malicious code, or potentially compromise data integrity and the system.
Vulnerabilities present on Qualcomm’s popular chipsets and modems are desirable to hackers intending to breach devices ranging from smartphones to IoT devices.
By exploiting such vulnerabilities, attackers can evade security protocols via multiple malicious acts, which indicates an immediate response from Qualcomm.
Vulnerabilities Detected
Here below, we have mentioned all the vulnerabilities detected:-
CVE ID: CVE-2024-21473
Title: Improper Input Validation in WIN SON
Description: Memory corruption while redirecting log file to any file location with any file name.
CVSS Rating: Critical
CVSS Score: 9.8
CVE ID: CVE-2023-28547
Title: Buffer Copy Without Checking Size of Input in SPS Applications
Description: Memory corruption in SPS Application while requesting for public key in sorter TA.
CVSS Rating: High
CVSS Score: 8.4
CVE ID: CVE-2023-33023
Title: Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in SPS-Applications
Description: Memory corruption while processing the finish_sign command to pass a rsp buffer.
CVSS Rating: High
CVSS Score: 8.4
CVE ID: CVE-2023-33099
Title: Improper Input Validation in Multi-Mode Call Processor
Description: Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR.
CVSS Rating: High
CVSS Score: 7.5
CVE ID: CVE-2023-33100
Title: Improper input validation in Multi-Mode Call Processor
Description: Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification.
CVSS Rating: High
CVSS Score: 7.5
CVE ID: CVE-2023-33101
Title: Incorrect Type Conversion or Cast in Multi-Mode Call Processor
Description: Transient DOS while processing DL NAS TRANSPORT message with payload length 0.
CVSS Rating: High
CVSS Score: 7.5
CVE ID: CVE-2023-33115
Title: Buffer Over-read in Trusted Execution Environment
Description: Memory corruption while processing buffer initialization, when trusted report for certain report types are generated.
CVSS Rating: High
CVSS Score: 7.8
CVE ID: CVE-2024-21452
Title: Improper Input Validation in Automotive Telematics
Description: Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.
CVSS Rating: High
CVSS Score: 7.3
CVE ID: CVE-2024-21453
Title: Improper Input Validation in Automotive Telematics
Description: Transient DOS while decoding message of size that exceeds the available system memory.
CVSS Rating: High
CVSS Score: 7.5
CVE ID: CVE-2024-21454
Title: Integer Overflow to Buffer Overflow in Automotive Telematics
Description: Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.
CVSS Rating: High
CVSS Score: 7.5
CVE ID: CVE-2024-21463
Title: Buffer Copy Without Checking Size of Input in Audio
Description: Memory corruption while processing Codec2 during v13k decoder pitch synthesis.
CVSS Rating: High
CVSS Score: 7.3
CVE ID: CVE-2024-21470
Title: Integer Overflow to Buffer Overflow in Graphics Windows
Description: Memory corruption while allocating memory for graphics.
CVSS Rating: High
CVSS Score: 8.4
Open Source Software Vulnerabilities
Here below we have mentioned all the open-source software vulnerabilities:-
CVE ID: CVE-2024-21468
Title: Use After Free in Kernel
Description: Memory corruption when there is failed unmap operation in GPU.
CVSS Rating: High
CVSS Score: 8.4
CVE ID: CVE-2024-21472
Title: Use After Free in Kernel
Description: Memory corruption in Kernel while handling GPU operations.
CVSS Rating: High
CVSS Score: 8.4
CVE ID: CVE-2023-33111
Title: Improper Validation of Array Index in Audio
Description: Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.
CVSS Rating: Medium
CVSS Score: 5.5
CVE ID: CVE-2023-43515
Title: Buffer copy without checking size of input (Classic buffer overflow) in HLOS
Description: Memory corruption in HLOS while running kernel address sanitizers (syzkaller) on tmecom with DEBUG_FS enabled.
CVSS Rating: Medium
CVSS Score: 6.6
The vulnerability ratings of Android security bulletins are typically based on familiar patterns but could differ as a result of some cases where SELinux protections are bypassed on some platforms or when other experts may have a different understanding of local denial of service attacks or kernel privilege escalation vulnerabilities.
These complications show how security risks can be assessed in various Android implementations.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Qualcomm Security Flaws Let Attackers Takeover The Devices appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
FBI warns of massive wave of road toll SMS phishing attacks
FBI warns of massive wave of road toll SMS phishing attacks
On Friday, the Federal Bureau of Investigation warned of a massive ongoing wave of SMS phishing attacks targeting Americans with lures regarding unpaid road toll fees. […] Read More
BleepingComputer