CISA adds four Qualcomm vulnerabilities to the Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:
CVE-2023-33106 (8.4 high severity) Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
CVE-2023-33063 (7.8 high) Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVE-2023-33107 (8.4 high) Qualcomm Multiple Chipsets Integer Overflow Vulnerability
CVE-2022-22071 (7.8 high) Qualcomm Multiple Chipsets Use-After-Free Vulnerability
These were originally identified under "limited targeted exploitation" by Google TAG and Project Zero in Qualcomm's October 2023 Security Bulletin
#CISA #KnownExploitedVulnerabilitiesCatalog #KEV #eitw #activeexploitation #CVE202333106 #CVE202333107 #CVE202333063 #CVE202222071 #Qualcomm