CVE-2023-28543 – Out of Bounds read in SNPE Library (5th Sep 2023)

Preface: The Qualcomm Neural Processing SDK is designed to help developers run one or more neural network models trained in TensorFlow, PyTorch,…

Background: Deep neural network (DNN) models can address these limitations of matrix factorization. DNNs can easily incorporate query features and item features (due to the flexibility of the input layer of the network), which can help capture the specific interests of a user and improve the relevance of recommendations.

• Network is a collection of connected layers

• DNN models are stored in DLC files

According to Qualcomm, the Qualcomm® QCS605 SoC is a high performance IoT System-on-Chip (SoCs) that incorporates key features for building advanced use cases encompassing machine learning, edge computing, sensor processing, voice UI enablement and integrated wireless connectivity.

Vulnerability details: A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote source).

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-28543

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.