CVE-2023-28560

Q: What is the severity of CVE-2023-28560?

CVE-2023-28560 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in the WLAN Hardware Abstraction Layer (HAL) when processing devIndex values from untrusted WMI payloads. Attackers could potentially execute arbitrary code or cause denial of service on affected systems. This affects devices using Qualcomm WLAN chipsets with vulnerable firmware.

7.8 HIGH

Buffer Overflow

📋 TL;DR

This vulnerability allows memory corruption in the WLAN Hardware Abstraction Layer (HAL) when processing devIndex values from untrusted WMI payloads. Attackers could potentially execute arbitrary code or cause denial of service on affected systems. This affects devices using Qualcomm WLAN chipsets with vulnerable firmware.

💻 Affected Systems

Products:

Qualcomm WLAN chipsets and associated firmware

Versions: Specific firmware versions not detailed in public advisory

Operating Systems: Android, Linux-based systems using Qualcomm WLAN

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm WLAN firmware; exact device models not specified in public advisory

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete system compromise

🟠

Likely Case

System crash or denial of service affecting WLAN functionality

🟢

If Mitigated

Limited impact with proper network segmentation and exploit mitigations

🌐 Internet-Facing: MEDIUM - Requires WLAN access but could be exploited via malicious packets

🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to send crafted WMI packets to WLAN interface; no public exploit code available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm September 2023 security bulletin for specific firmware versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset/firmware versions. 2. Obtain updated firmware from device manufacturer. 3. Apply firmware update following manufacturer instructions. 4. Reboot device to activate new firmware.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate WLAN networks from critical systems

WLAN Access Control

all

Restrict WLAN access to trusted devices only

🧯 If You Can't Patch

Disable WLAN functionality if not required
Implement strict network segmentation to isolate WLAN traffic

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm advisory; examine WLAN chipset model and firmware version

Check Version:

Device-specific commands vary by manufacturer; typically 'dmesg | grep -i wlan' or manufacturer-specific firmware check tools

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

Kernel panics
WLAN driver crashes
Memory corruption errors in system logs

Network Indicators:

Unusual WMI packet patterns
Malformed WLAN management frames

SIEM Query:

source="kernel" AND ("panic" OR "oops" OR "segfault") AND ("wlan" OR "wifi" OR "802.11")

📊 Metadata

CVE ID: CVE-2023-28560

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: September 5, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

8098 Firmware by Qualcomm

8998 Firmware by Qualcomm

Apq5053 Aa Firmware by Qualcomm

Apq8009 Firmware by Qualcomm

Apq8076 Firmware by Qualcomm

Apq8084 Firmware by Qualcomm

Apq8092 Firmware by Qualcomm

Apq8094 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8069 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Mdm9235m Firmware by Qualcomm

Mdm9330 Firmware by Qualcomm

Mdm9635m Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qca1990 Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca4010 Firmware by Qualcomm

Qca4020 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6164 Firmware by Qualcomm

Qca6174 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm