CVE-2023-21630 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	qca6391_firmware	-
qualcomm	qca6574_firmware	-
qualcomm	qca6574a_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qca6595au_firmware	-
qualcomm	qca6696_firmware	-
qualcomm	sa6155p_firmware	-
qualcomm	sa8155p_firmware	-
qualcomm	sa8195p_firmware	-
qualcomm	sd680_firmware	-
qualcomm	sd778g_firmware	-
qualcomm	sd888_firmware	-
qualcomm	sg4150p_firmware	-
qualcomm	sm6225-ad_firmware	-
qualcomm	sm7315_firmware	-
qualcomm	sm7325_firmware	-
qualcomm	sm7325-ae_firmware	-
qualcomm	sm7325-af_firmware	-
qualcomm	sm7325p_firmware	-
qualcomm	sm7350-ab_firmware	-
qualcomm	sm8350_firmware	-
qualcomm	sm8350-ac_firmware	-
qualcomm	sm8450_firmware	-
qualcomm	sm8475_firmware	-
qualcomm	sw5100_firmware	-
qualcomm	sw5100p_firmware	-
qualcomm	wcd9370_firmware	-
qualcomm	wcd9375_firmware	-
qualcomm	wcd9380_firmware	-
qualcomm	wcd9385_firmware	-
qualcomm	wcn3950_firmware	-
qualcomm	wcn3980_firmware	-
qualcomm	wcn3988_firmware	-
qualcomm	wcn6740_firmware	-
qualcomm	wcn6750_firmware	-
qualcomm	wcn685x-1_firmware	-
qualcomm	wcn685x-5_firmware	-
qualcomm	wcn785x-1_firmware	-
qualcomm	wcn785x-5_firmware	-
qualcomm	wsa8810_firmware	-
qualcomm	wsa8830_firmware	-
qualcomm	wsa8835_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin