CVE-2023-21644 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
qualcomm	CNA	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Vendor	Product	Version
qualcomm	aqt1000_firmware	-
qualcomm	qca6390_firmware	-
qualcomm	qca6391_firmware	-
qualcomm	qca6420_firmware	-
qualcomm	qca6426_firmware	-
qualcomm	qca6430_firmware	-
qualcomm	qca6436_firmware	-
qualcomm	qca6574a_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qca6595au_firmware	-
qualcomm	qca6696_firmware	-
qualcomm	qcc5100_firmware	-
qualcomm	sa515m_firmware	-
qualcomm	sa6145p_firmware	-
qualcomm	sa6150p_firmware	-
qualcomm	sa6155p_firmware	-
qualcomm	sa8145p_firmware	-
qualcomm	sa8150p_firmware	-
qualcomm	sa8155p_firmware	-
qualcomm	sa8195p_firmware	-
qualcomm	sd480_firmware	-
qualcomm	sd695_firmware	-
qualcomm	sd855_firmware	-
qualcomm	sd865_5g_firmware	-
qualcomm	sd870_firmware	-
qualcomm	sda429w_firmware	-
qualcomm	sdx55_firmware	-
qualcomm	sdx55m_firmware	-
qualcomm	sdxr2_5g_firmware	-
qualcomm	sm4375_firmware	-
qualcomm	sw5100_firmware	-
qualcomm	sw5100p_firmware	-
qualcomm	wcd9341_firmware	-
qualcomm	wcd9360_firmware	-
qualcomm	wcd9370_firmware	-
qualcomm	wcd9375_firmware	-
qualcomm	wcd9380_firmware	-
qualcomm	wcd9385_firmware	-
qualcomm	wcn3610_firmware	-
qualcomm	wcn3660b_firmware	-
qualcomm	wcn3680b_firmware	-
qualcomm	wcn3980_firmware	-
qualcomm	wcn3988_firmware	-
qualcomm	wcn3991_firmware	-
qualcomm	wcn3998_firmware	-
qualcomm	wcn6850_firmware	-
qualcomm	wcn6851_firmware	-
qualcomm	wsa8810_firmware	-
qualcomm	wsa8815_firmware	-
qualcomm	wsa8830_firmware	-
qualcomm	wsa8835_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-680 - Integer Overflow to Buffer Overflow
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin