#VU79026 Buffer over-read in Qualcomm products - CVE-2023-21625
Published: August 7, 2023
Vulnerability identifier: #VU79026
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-21625
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
APQ8017
MDM9650
MSM8917
MSM8937
QCA6174A
QCA6574AU
QCA9377
QCS405
SD205
SD210
SD835
APQ8037
AR8031
CSRA6620
CSRA6640
MDM9205
MDM9250
MSM8108
MSM8208
MSM8209
MSM8608
QCA4004
QCA4010
QCA4020
QCA4024
QCA6564A
QCA6564AU
QCA6574A
QTS110
SD429
SD439
WCD9306
WCD9326
WCD9335
WCD9340
WCN3610
WCN3615
WCN3660B
WCN3680B
WCN3980
WCN3990
WCN3998
WCN3999
WSA8810
WSA8815
APQ8009
APQ8017
MDM9650
MSM8917
MSM8937
QCA6174A
QCA6574AU
QCA9377
QCS405
SD205
SD210
SD835
APQ8037
AR8031
CSRA6620
CSRA6640
MDM9205
MDM9250
MSM8108
MSM8208
MSM8209
MSM8608
QCA4004
QCA4010
QCA4020
QCA4024
QCA6564A
QCA6564AU
QCA6574A
QTS110
SD429
SD439
WCD9306
WCD9326
WCD9335
WCD9340
WCN3610
WCN3615
WCN3660B
WCN3680B
WCN3980
WCN3990
WCN3998
WCN3999
WSA8810
WSA8815
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Network Services. A remote attacker can read and manipulate data.
Remediation
Install security update from vendor's website.