Lucene search

QualcommCVE-2023-21642

HistoryMay 02, 2023 - 6:15 a.m.

CVE-2023-21642

2023-05-0206:15:10

CWE-284

qualcomm

web.nvd.nist.gov

cve-2023-21642

memory corruption

hab memory

system privileges

nvd

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Memory corruption in HAB Memory management due to broad system privileges via physical address.

Affected configurations

Nvd

Node

qualcommqam8295pMatch-

AND

qualcommqam8295p_firmwareMatch-

Node

qualcommqca6574auMatch-

AND

qualcommqca6574au_firmwareMatch-

Node

qualcommqca6696Match-

AND

qualcommqca6696_firmwareMatch-

Node

qualcommsa6145pMatch-

AND

qualcommsa6145p_firmwareMatch-

Node

qualcommsa6150pMatch-

AND

qualcommsa6150p_firmwareMatch-

Node

qualcommsa6155pMatch-

AND

qualcommsa6155p_firmwareMatch-

Node

qualcommsa8145p_firmwareMatch-

AND

qualcommsa8145pMatch-

Node

qualcommsa8150p_firmwareMatch-

AND

qualcommsa8150pMatch-

Node

qualcommsa8155p_firmwareMatch-

AND

qualcommsa8155pMatch-

Node

qualcommsa8195p_firmwareMatch-

AND

qualcommsa8195pMatch-

Node

qualcommsa8295p_firmwareMatch-

AND

qualcommsa8295pMatch-

Node

qualcommsa8540p_firmwareMatch-

AND

qualcommsa8540pMatch-

Node

qualcommsa9000p_firmwareMatch-

AND

qualcommsa9000pMatch-

VendorProductVersionCPE
qualcommqam8295p-cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*
qualcommqam8295p_firmware-cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
qualcommqca6574au-cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
qualcommqca6574au_firmware-cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
qualcommqca6696-cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*
qualcommqca6696_firmware-cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
qualcommsa6145p-cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*
qualcommsa6145p_firmware-cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
qualcommsa6150p-cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*
qualcommsa6150p_firmware-cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	qam8295p	-	cpe:2.3:h:qualcomm:qam8295p:-:::::::*
qualcomm	qam8295p_firmware	-	cpe:2.3:o:qualcomm:qam8295p_firmware:-:::::::*
qualcomm	qca6574au	-	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
qualcomm	qca6574au_firmware	-	cpe:2.3:o:qualcomm:qca6574au_firmware:-:::::::*
qualcomm	qca6696	-	cpe:2.3:h:qualcomm:qca6696:-:::::::*
qualcomm	qca6696_firmware	-	cpe:2.3:o:qualcomm:qca6696_firmware:-:::::::*
qualcomm	sa6145p	-	cpe:2.3:h:qualcomm:sa6145p:-:::::::*
qualcomm	sa6145p_firmware	-	cpe:2.3:o:qualcomm:sa6145p_firmware:-:::::::*
qualcomm	sa6150p	-	cpe:2.3:h:qualcomm:sa6150p:-:::::::*
qualcomm	sa6150p_firmware	-	cpe:2.3:o:qualcomm:sa6150p_firmware:-:::::::*

Rows per page:

1-10 of 261

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Auto"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "QAM8295P"
      },
      {
        "status": "affected",
        "version": "QCA6574AU"
      },
      {
        "status": "affected",
        "version": "QCA6696"
      },
      {
        "status": "affected",
        "version": "SA6145P"
      },
      {
        "status": "affected",
        "version": "SA6150P"
      },
      {
        "status": "affected",
        "version": "SA6155P"
      },
      {
        "status": "affected",
        "version": "SA8145P"
      },
      {
        "status": "affected",
        "version": "SA8150P"
      },
      {
        "status": "affected",
        "version": "SA8155P"
      },
      {
        "status": "affected",
        "version": "SA8195P"
      },
      {
        "status": "affected",
        "version": "SA8295P"
      },
      {
        "status": "affected",
        "version": "SA8540P"
      },
      {
        "status": "affected",
        "version": "SA9000P"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-21642