CVE-2023-21640

Memory corruption in Linux when the file upload API is called with parameters having large buffer.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8_gen_1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8_gen_1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

History

12 Apr 2024, 17:16

Type	Values Removed	Values Added
CWE		CWE-120

10 Jul 2023, 23:38

Type	Values Removed	Values Added
References	~~(MISC) https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin -~~	(MISC) https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin - Vendor Advisory
CWE		CWE-787
First Time		Qualcomm wcd9380 Qualcomm fastconnect 6900 Firmware Qualcomm Qualcomm fastconnect 7800 Firmware Qualcomm wcd9380 Firmware Qualcomm snapdragon 8 Gen 1 Firmware Qualcomm wsa8830 Firmware Qualcomm wsa8835 Firmware Qualcomm wsa8835 Qualcomm wsa8830 Qualcomm snapdragon 8 Gen 1 Qualcomm fastconnect 6900 Qualcomm fastconnect 7800
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:qualcomm:snapdragon_8_gen_1_firmware:-:::::::* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::* cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:::::::* cpe:2.3:h:qualcomm:fastconnect_7800:-:::::::* cpe:2.3:h:qualcomm:snapdragon_8_gen_1:-:::::::* cpe:2.3:h:qualcomm:wsa8830:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8835:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::* cpe:2.3:h:qualcomm:fastconnect_6900:-:::::::* cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::*

04 Jul 2023, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-04 05:15

Updated : 2024-04-12 17:16

NVD link : CVE-2023-21640

Mitre link : CVE-2023-21640

CVE.ORG link : CVE-2023-21640

JSON object : View

Products Affected

qualcomm

fastconnect_6900_firmware
snapdragon_8_gen_1_firmware
wsa8830
fastconnect_7800
wsa8835
fastconnect_6900
snapdragon_8_gen_1
wcd9380
wsa8835_firmware
wcd9380_firmware
wsa8830_firmware
fastconnect_7800_firmware

CWE

CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

7.8 /10