"Qualcomm Chip Vulnerability Enables Remote Attack by Voice Call"

Qualcomm has disclosed a critical vulnerability that would enable remote attacks through malicious voice calls over LTE networks. The company listed 26 vulnerabilities, four of which are critical, affecting Qualcomm chipsets. According to Qualcomm, the most severe vulnerability, tracked as CVE-2023-33025 with a CVSS score of 9.8, involves a buffer overflow flaw. It causes memory corruption in the data modem, which happens during Voice-over-LTE (VoLTE) calls when the Session Description Protocol (SDP) body is non-standard. SDP helps connect two devices for a communication session, such as a VoLTE call. If a remote attacker manipulates the SDP body with their own content and initiates a call in which the malicious SDP is processed by the receiving device's data modem, the attacker could exploit memory corruption in the modem for Remote Code Execution (RCE). This article continues to discuss the critical Qualcomm vulnerability that poses a risk when receiving calls over LTE.

SC Magazine reports "Qualcomm Chip Vulnerability Enables Remote Attack by Voice Call"

Submitted by grigby1

Submitted by Gregory Rigby on