#VU76880 Buffer over-read in Qualcomm products - CVE-2023-21669
Published: June 5, 2023
Vulnerability identifier: #VU76880
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-21669
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AQT1000
FastConnect 6200
FastConnect 6800
FastConnect 6900
Flight RB5 5G Platform
QCA6391
QCA6420
QCA6421
QCA6426
QCA6430
QCA6431
QCA6436
QCM2290
QCM4290
QCN9074
QCS2290
QCS4290
QCS8250
QRB5165M
QRB5165N
Robotics RB5 Platform
SD660
SD865 5G
SM6250
Snapdragon 429 Mobile Platform
Snapdragon 660 Mobile Platform
Snapdragon 675 Mobile Platform
Snapdragon 678 Mobile Platform (SM6150-AC)
Snapdragon 720G Mobile Platform
Snapdragon 730 Mobile Platform (SM7150-AA)
Snapdragon 730G Mobile Platform (SM7150-AB)
Snapdragon 732G Mobile Platform (SM7150-AC)
Snapdragon 855 Mobile Platform
Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Snapdragon 865 5G Mobile Platform
Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Snapdragon 870 5G Mobile Platform (SM8250-AC)
Snapdragon X50 5G Modem-RF System
Snapdragon X55 5G Modem-RF System
Snapdragon XR2 5G Platform
WCD9335
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3620
WCN3660B
WCN3910
WCN3950
WCN3980
WCN3988
WCN3990
WSA8810
WSA8815
SD730
SD855
SDM429W
SDX55
SXR2130
AQT1000
FastConnect 6200
FastConnect 6800
FastConnect 6900
Flight RB5 5G Platform
QCA6391
QCA6420
QCA6421
QCA6426
QCA6430
QCA6431
QCA6436
QCM2290
QCM4290
QCN9074
QCS2290
QCS4290
QCS8250
QRB5165M
QRB5165N
Robotics RB5 Platform
SD660
SD865 5G
SM6250
Snapdragon 429 Mobile Platform
Snapdragon 660 Mobile Platform
Snapdragon 675 Mobile Platform
Snapdragon 678 Mobile Platform (SM6150-AC)
Snapdragon 720G Mobile Platform
Snapdragon 730 Mobile Platform (SM7150-AA)
Snapdragon 730G Mobile Platform (SM7150-AB)
Snapdragon 732G Mobile Platform (SM7150-AC)
Snapdragon 855 Mobile Platform
Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Snapdragon 865 5G Mobile Platform
Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Snapdragon 870 5G Mobile Platform (SM8250-AC)
Snapdragon X50 5G Modem-RF System
Snapdragon X55 5G Modem-RF System
Snapdragon XR2 5G Platform
WCD9335
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3620
WCN3660B
WCN3910
WCN3950
WCN3980
WCN3988
WCN3990
WSA8810
WSA8815
SD730
SD855
SDM429W
SDX55
SXR2130
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can read and manipulate data.
Remediation
Install security update from vendor's website.