Main Vulnerability Database Vulnerabilities #VU80390

Buffer over-read in Qualcomm products - CVE-2023-21667

Published: September 4, 2023

Vulnerability identifier: #VU80390

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-21667

CWE-ID: CWE-126

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Qualcomm

Affected software:
QCA6390
QCA6391
QCA6426
QCA6436
QCA6595AU
QCA6696
QCC5100
QCN9074
QCS410
QCS610
SA6145P
SA6150P
SA8145P
SA8150P
SA8155P
SA8195P
SD 8 Gen1 5G
SD865 5G
SD870
SDX55M
SDXR2 5G
SW5100
SW5100P
WCD9341
WCD9370
WCD9380
WCN3660B
WCN3680B
WCN3950
WCN3980
WCN3988
WCN6850
WCN6851
WCN6855
WCN6856
WCN7850
WCN7851
WSA8810
WSA8815
WSA8830
WSA8835
QCA6574AU
SA6155P

Detailed vulnerability description

The vulnerability allows a remote application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Bluetooth HOST. A remote application can perform a denial of service (DoS) attack.

How to mitigate CVE-2023-21667

Install security update from vendor's website.

Sources

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2023-bulletin.html

Buffer over-read in Qualcomm products - CVE-2023-21667

Detailed vulnerability description

How to mitigate CVE-2023-21667

Sources

Please verify you're human