ByteOS Network

Vulnerability Details :

CVE-2023-21628

Summary

Assigner-qualcomm

Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At-06 Jun, 2023 | 07:39

Updated At-02 Aug, 2024 | 09:44

Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN HAL

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:qualcomm

Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At:06 Jun, 2023 | 07:39

Updated At:02 Aug, 2024 | 09:44

▼CVE Numbering Authority (CNA)

Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN HAL

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

Snapdragon

Platforms

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure and Networking

Default Status

unaffected

Versions

Affected

APQ8017
APQ8064AU
APQ8076
APQ8092
APQ8094
AQT1000
AR8031
AR8035
AR9380
CSR8811
CSRA6620
CSRA6640
CSRB31024
FastConnect 6200
FastConnect 6700
FastConnect 6800
FastConnect 6900
Home Hub 100 Platform
Immersive Home 214 Platform
Immersive Home 216 Platform
Immersive Home 316 Platform
Immersive Home 318 Platform
IPQ4018
IPQ4019
IPQ4028
IPQ4029
IPQ5010
IPQ5028
IPQ6000
IPQ6005
IPQ6010
IPQ6018
IPQ6028
IPQ8064
IPQ8065
IPQ8068
IPQ8069
IPQ8070
IPQ8070A
IPQ8071
IPQ8071A
IPQ8072
IPQ8072A
IPQ8074
IPQ8074A
IPQ8076
IPQ8076A
IPQ8078
IPQ8078A
IPQ8173
IPQ8174
MDM8215
MDM9215
MDM9250
MDM9310
MDM9615
MDM9628
MDM9640
MDM9645
MDM9650
MSM8996AU
QCA0000
QCA1023
QCA1990
QCA4010
QCA4024
QCA4531
QCA6174
QCA6174A
QCA6175A
QCA6310
QCA6320
QCA6335
QCA6391
QCA6420
QCA6428
QCA6430
QCA6438
QCA6554A
QCA6564
QCA6564A
QCA6564AU
QCA6574
QCA6574A
QCA6574AU
QCA6584
QCA6584AU
QCA6595
QCA6595AU
QCA6696
QCA6698AQ
QCA7500
QCA8075
QCA8081
QCA9367
QCA9377
QCA9379
QCA9531
QCA9558
QCA9561
QCA9880
QCA9882
QCA9886
QCA9887
QCA9888
QCA9889
QCA9898
QCA9980
QCA9982
QCA9984
QCA9985
QCA9986
QCA9990
QCA9992
QCA9994
QCM2290
QCM4290
QCM4325
QCM4490
QCM6125
QCN5021
QCN5022
QCN5024
QCN5052
QCN5054
QCN5064
QCN5121
QCN5122
QCN5124
QCN5152
QCN5154
QCN5164
QCN5550
QCN6023
QCN6024
QCN6122
QCN6132
QCN7605
QCN7606
QCN9000
QCN9012
QCN9022
QCN9024
QCN9070
QCN9072
QCN9074
QCN9100
QCS2290
QCS410
QCS4290
QCS4490
QCS610
QCS6125
QFE1922
QFE1952
Robotics RB3 Platform
SA4150P
SA4155P
SA6145P
SA6150P
SA6155
SA6155P
SA8145P
SA8150P
SA8155
SA8155P
SA8195P
SC8180X+SDX55
SD 455
SD 675
SD 8CX
SD460
SD660
SD662
SD670
SD675
SD730
SD820
SD821
SD835
SD855
SDX20M
SDX55
SG4150P
SM4125
SM4450
SM6250
SM6250P
SM7250P
Smart Audio 200 Platform
Smart Audio 400 Platform
Snapdragon 4 Gen 1 Mobile Platform
Snapdragon 460 Mobile Platform
Snapdragon 480 5G Mobile Platform
Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Snapdragon 630 Mobile Platform
Snapdragon 636 Mobile Platform
Snapdragon 652 Mobile Platform
Snapdragon 660 Mobile Platform
Snapdragon 662 Mobile Platform
Snapdragon 665 Mobile Platform
Snapdragon 670 Mobile Platform
Snapdragon 675 Mobile Platform
Snapdragon 678 Mobile Platform (SM6150-AC)
Snapdragon 680 4G Mobile Platform
Snapdragon 685 4G Mobile Platform (SM6225-AD)
Snapdragon 690 5G Mobile Platform
Snapdragon 695 5G Mobile Platform
Snapdragon 710 Mobile Platform
Snapdragon 712 Mobile Platform
Snapdragon 720G Mobile Platform
Snapdragon 730 Mobile Platform (SM7150-AA)
Snapdragon 730G Mobile Platform (SM7150-AB)
Snapdragon 732G Mobile Platform (SM7150-AC)
Snapdragon 750G 5G Mobile Platform
Snapdragon 765 5G Mobile Platform (SM7250-AA)
Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Snapdragon 7c Compute Platform (SC7180-AC)
Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) "Rennell Pro"
Snapdragon 808 Processor
Snapdragon 810 Processor
Snapdragon 820 Automotive Platform
Snapdragon 820 Mobile Platform
Snapdragon 821 Mobile Platform
Snapdragon 835 Mobile PC Platform
Snapdragon 845 Mobile Platform
Snapdragon 850 Mobile Compute Platform
Snapdragon 855 Mobile Platform
Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite"
Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite"
Snapdragon 8cx Compute Platform (SC8180X-AA, AB)
Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro"
Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro"
Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)
Snapdragon Auto 5G Modem-RF
Snapdragon W5+ Gen 1 Wearable Platform
Snapdragon X12 LTE Modem
Snapdragon X20 LTE Modem
Snapdragon X24 LTE Modem
Snapdragon X5 LTE Modem
Snapdragon X50 5G Modem-RF System
Snapdragon X55 5G Modem-RF System
Snapdragon XR1 Platform
Snapdragon Auto 4G Modem
SW5100
SW5100P
SXR1120
Vision Intelligence 300 Platform
Vision Intelligence 400 Platform
WCD9326
WCD9330
WCD9335
WCD9340
WCD9341
WCD9360
WCD9370
WCD9371
WCD9375
WCD9380
WCD9385
WCN3610
WCN3615
WCN3660B
WCN3680B
WCN3910
WCN3950
WCN3980
WCN3988
WCN3990
WCN3999
WSA8810
WSA8815
WSA8830
WSA8832
WSA8835

Problem Types

Type	CWE ID	Description
CWE	CWE-119	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Type: CWE

CWE ID: CWE-119

Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Metrics

Version	Base score	Base severity	Vector
3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin	N/A

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

Resource: N/A

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin	x_transferred

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@qualcomm.com

Published At:06 Jun, 2023 | 08:15

Updated At:12 Apr, 2024 | 17:16

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Qualcomm Technologies, Inc.

>>apq8017>>-

cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8017_firmware>>-

cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8064au>>-

cpe:2.3:h:qualcomm:apq8064au:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8064au_firmware>>-

cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8076>>-

cpe:2.3:h:qualcomm:apq8076:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8076_firmware>>-

cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8092_firmware>>-

cpe:2.3:o:qualcomm:apq8092_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8092>>-

cpe:2.3:h:qualcomm:apq8092:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8094>>-

cpe:2.3:h:qualcomm:apq8094:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>apq8094_firmware>>-

cpe:2.3:o:qualcomm:apq8094_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>aqt1000_firmware>>-

cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>aqt1000>>-

cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>ar8031_firmware>>-

cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>ar8031>>-

cpe:2.3:h:qualcomm:ar8031:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>ar8035>>-

cpe:2.3:h:qualcomm:ar8035:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>ar8035_firmware>>-

cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>ar9380>>-

cpe:2.3:h:qualcomm:ar9380:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>ar9380_firmware>>-

cpe:2.3:o:qualcomm:ar9380_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>csr8811_firmware>>-

cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>csr8811>>-

cpe:2.3:h:qualcomm:csr8811:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>csra6620_firmware>>-

cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>csra6620>>-

cpe:2.3:h:qualcomm:csra6620:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>csra6640_firmware>>-

cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>csra6640>>-

cpe:2.3:h:qualcomm:csra6640:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>csrb31024_firmware>>-

cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>csrb31024>>-

cpe:2.3:h:qualcomm:csrb31024:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn3991_firmware>>-

cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn3991>>-

cpe:2.3:h:qualcomm:wcn3991:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn3998_firmware>>-

cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn3998>>-

cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn6750_firmware>>-

cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn6750>>-

cpe:2.3:h:qualcomm:wcn6750:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6390_firmware>>-

cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6390>>-

cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn685x-5_firmware>>-

cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn685x-5>>-

cpe:2.3:h:qualcomm:wcn685x-5:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn685x-1_firmware>>-

cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn685x-1>>-

cpe:2.3:h:qualcomm:wcn685x-1:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>home_hub_100_platform_firmware>>-

cpe:2.3:o:qualcomm:home_hub_100_platform_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>home_hub_100_platform>>-

cpe:2.3:h:qualcomm:home_hub_100_platform:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>immersive_home_214_platform_firmware>>-

cpe:2.3:o:qualcomm:immersive_home_214_platform_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>immersive_home_214_platform>>-

cpe:2.3:h:qualcomm:immersive_home_214_platform:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>immersive_home_216_platform_firmware>>-

cpe:2.3:o:qualcomm:immersive_home_216_platform_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>immersive_home_216_platform>>-

cpe:2.3:h:qualcomm:immersive_home_216_platform:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>immersive_home_316_platform_firmware>>-

cpe:2.3:o:qualcomm:immersive_home_316_platform_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>immersive_home_316_platform>>-

cpe:2.3:h:qualcomm:immersive_home_316_platform:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>immersive_home_318_platform_firmware>>-

cpe:2.3:o:qualcomm:immersive_home_318_platform_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>immersive_home_318_platform>>-

cpe:2.3:h:qualcomm:immersive_home_318_platform:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>ipq4018_firmware>>-

cpe:2.3:o:qualcomm:ipq4018_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>ipq4018>>-

cpe:2.3:h:qualcomm:ipq4018:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-119	Secondary	product-security@qualcomm.com

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-119

Type: Secondary

Source: product-security@qualcomm.com

References

Hyperlink	Source	Resource
https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin	product-security@qualcomm.com	Vendor Advisory

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

Source: product-security@qualcomm.com

Resource:

Vendor Advisory

CVE-2023-21628

Credits

Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN HAL

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs