ByteOS Network

Vulnerability Details :

CVE-2023-21630

Summary

Assigner-qualcomm

Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At-04 Apr, 2023 | 04:46

Updated At-02 Aug, 2024 | 09:44

Integer Overflow in Multimedia Framework

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:qualcomm

Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At:04 Apr, 2023 | 04:46

Updated At:02 Aug, 2024 | 09:44

▼CVE Numbering Authority (CNA)

Integer Overflow in Multimedia Framework

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

Snapdragon

Platforms

Snapdragon Auto
Snapdragon Compute
Snapdragon Mobile
Snapdragon Wearables

Default Status

unaffected

Versions

Affected

FastConnect 6700
FastConnect 6900
FastConnect 7800
QCA6391
QCA6574
QCA6574A
QCA6574AU
QCA6595AU
QCA6696
SA6155P
SA8155P
SA8195P
SD 8 Gen1 5G
SD778G
SD888
SG4150P
SM7315
SM7325P
Snapdragon 680 4G Mobile Platform
Snapdragon 685 4G Mobile Platform (SM6225-AD)
Snapdragon 778G 5G Mobile Platform
Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)
Snapdragon 780G 5G Mobile Platform
Snapdragon 782G Mobile Platform (SM7325-AF)
Snapdragon 8 Gen 1 Mobile Platform
Snapdragon 888 5G Mobile Platform
Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
SW5100
SW5100P
WCD9370
WCD9375
WCD9380
WCD9385
WCN3950
WCN3980
WCN3988
WCN6740
WSA8810
WSA8830
WSA8835

Problem Types

Type	CWE ID	Description
CWE	CWE-191	CWE-191 Integer Underflow (Wrap or Wraparound)

Type: CWE

CWE ID: CWE-191

Description: CWE-191 Integer Underflow (Wrap or Wraparound)

Metrics

Version	Base score	Base severity	Vector
3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin	N/A

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

fastconnect_6700_firmware

CPEs

cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

fastconnect_6900_firmware

CPEs

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

fastconnect_7800_firmware

CPEs

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6391_firmware

CPEs

cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6574_firmware

CPEs

cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6574a_firmware

CPEs

cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6574au_firmware

CPEs

cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6595au_firmware

CPEs

cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6696_firmware

CPEs

cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sa6155p_firmware

CPEs

cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sa8155p_firmware

CPEs

cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sa8195p_firmware

CPEs

cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sd_8_gen1_5g_firmware

CPEs

cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sd778g_firmware

CPEs

cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sd888_firmware

CPEs

cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sg4150p_firmware

CPEs

cpe:2.3:o:qualcomm:sg4150p_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sm7315_firmware

CPEs

cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sm7325p_firmware

CPEs

cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_680_4g_mobile_platform_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_platform_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_778g_5g_mobile_platform_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_778g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_780g_5g_mobile_platform_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_780g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_8_gen_1_mobile_platform_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_888_5g_mobile_platform_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_888_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sw5100_firmware

CPEs

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sw5100p_firmware

CPEs

cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcd9370_firmware

CPEs

cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcd9375_firmware

CPEs

cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcd9380_firmware

CPEs

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcd9385_firmware

CPEs

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn3950_firmware

CPEs

cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn3980_firmware

CPEs

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn3988_firmware

CPEs

cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn6740_firmware

CPEs

cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wsa8810_firmware

CPEs

cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wsa8830_firmware

CPEs

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wsa8835_firmware

CPEs

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin	x_transferred

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@qualcomm.com

Published At:13 Apr, 2023 | 07:15

Updated At:12 Apr, 2024 | 17:16

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Qualcomm Technologies, Inc.

>>qca6391_firmware>>-

cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6391>>-

cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6574_firmware>>-

cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6574>>-

cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6574a_firmware>>-

cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6574a>>-

cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6574au_firmware>>-

cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6574au>>-

cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6595au_firmware>>-

cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6595au>>-

cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6696_firmware>>-

cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6696>>-

cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sa6155p_firmware>>-

cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sa6155p>>-

cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sa8155p_firmware>>-

cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sa8155p>>-

cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sa8195p_firmware>>-

cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sa8195p>>-

cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd680_firmware>>-

cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd680>>-

cpe:2.3:h:qualcomm:sd680:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd778g_firmware>>-

cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd778g>>-

cpe:2.3:h:qualcomm:sd778g:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd888_firmware>>-

cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd888>>-

cpe:2.3:h:qualcomm:sd888:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sg4150p_firmware>>-

cpe:2.3:o:qualcomm:sg4150p_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sg4150p>>-

cpe:2.3:h:qualcomm:sg4150p:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm6225-ad_firmware>>-

cpe:2.3:o:qualcomm:sm6225-ad_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm6225-ad>>-

cpe:2.3:h:qualcomm:sm6225-ad:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7315_firmware>>-

cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7315>>-

cpe:2.3:h:qualcomm:sm7315:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7325_firmware>>-

cpe:2.3:o:qualcomm:sm7325_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7325>>-

cpe:2.3:h:qualcomm:sm7325:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7325-ae_firmware>>-

cpe:2.3:o:qualcomm:sm7325-ae_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7325-ae>>-

cpe:2.3:h:qualcomm:sm7325-ae:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7325-af_firmware>>-

cpe:2.3:o:qualcomm:sm7325-af_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7325-af>>-

cpe:2.3:h:qualcomm:sm7325-af:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7325p_firmware>>-

cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7325p>>-

cpe:2.3:h:qualcomm:sm7325p:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7350-ab_firmware>>-

cpe:2.3:o:qualcomm:sm7350-ab_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm7350-ab>>-

cpe:2.3:h:qualcomm:sm7350-ab:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm8350_firmware>>-

cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm8350>>-

cpe:2.3:h:qualcomm:sm8350:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm8350-ac_firmware>>-

cpe:2.3:o:qualcomm:sm8350-ac_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm8350-ac>>-

cpe:2.3:h:qualcomm:sm8350-ac:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm8450_firmware>>-

cpe:2.3:o:qualcomm:sm8450_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm8450>>-

cpe:2.3:h:qualcomm:sm8450:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm8475_firmware>>-

cpe:2.3:o:qualcomm:sm8475_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sm8475>>-

cpe:2.3:h:qualcomm:sm8475:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sw5100_firmware>>-

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sw5100>>-

cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-190	Primary	nvd@nist.gov
CWE-191	Secondary	product-security@qualcomm.com

CWE ID: CWE-190

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-191

Type: Secondary

Source: product-security@qualcomm.com

References

Hyperlink	Source	Resource
https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin	product-security@qualcomm.com	Patch Vendor Advisory

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Source: product-security@qualcomm.com

Resource:

Patch

Vendor Advisory

CVE-2023-21630

Credits

Integer Overflow in Multimedia Framework

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By