Qualcomm 9205 Lte Modem Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Qualcomm 9205 Lte Modem Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2023-43551 — CVSS 9.1 (critical): Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send…
CVE-2022-33291 — CVSS 8.2 (high): Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.
CVE-2022-33287 — CVSS 8.2 (high): Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.
CVE-2023-43542 — CVSS 7.8 (high): Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.
CVE-2023-28551 — CVSS 7.8 (high): Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
CVE-2022-33302 — CVSS 6.8 (medium): Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVE-2023-28586 — CVSS 6.0 (medium): Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.