CRITICAL🇵🇱 Wersja polska

CVE-2023-43553

CVSS 9.8v3.1pub. 2024-03-04upd. 2025-01-09

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

🤖 AI Analysis
How it works

During parsing of beacon or probe response frames sent by an access point (AP), the vulnerable code does not properly verify the number of supported links contained in the MLIE (Multi-Link Information Element). When the AP provides more such links than expected, memory corruption occurs (CWE-823 — improper use of pointer). An attacker controlling or impersonating an access point can send a specially crafted frame and trigger this error on a victim device within the wireless network range.

Impact

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code (RCE) or cause system crash, leading to violation of confidentiality, integrity, and availability of the device.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references — a detailed list of vulnerable versions and corresponding updates is available in the Qualcomm Product Security Bulletin from March 2024: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin

Who is affected

Qualcomm AR8035 Firmware, Qualcomm CSR8811 Firmware, Qualcomm FastConnect 6900 Firmware, and other Qualcomm products indicated in the manufacturer's security bulletin from March 2024.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qualcomm Ar8035

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ar8035 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Csr8811

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Csr8811 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 214

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 214 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 216

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 216 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 316

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 316 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 318

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 318 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 3210

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 3210 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 326

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 326 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5010

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5010 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5028

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5028 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5302

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5302 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5312

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5312 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5332

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5332 Firmware

    OS
    Qualcomm
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-47372CRITICAL9.0PL ✓ten sam produkt

Qualcomm: Memory Corruption przy ładowaniu uszkodzonego obrazu ELF

CVE-2025-21483CRITICAL9.8PL ✓ten sam produkt

Memory corruption w Qualcomm podczas składania pakietów RTP (NALUs)

CVE-2025-27034CRITICAL9.8PL ✓ten sam produkt

Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR

CVE-2025-21450CRITICAL9.1PL ✓ten sam produkt

Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania

CVE-2024-45569CRITICAL9.8PL ✓ten sam produkt

Qualcomm: Uszkodzenie pamięci przy parsowaniu ML IE w firmware