CVE-2023-21639: Buffer Copy Without Checking the Size of Input in Audio
First published: Tue Jul 04 2023(Updated: )
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.
Credit: product-security@qualcomm.com product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Qualcomm AQT1000 Firmware | ||
| Qualcomm AQT1000 Firmware | ||
| All of | ||
| Qualcomm FastConnect 6200 | ||
| Qualcomm FastConnect 6200 Firmware | ||
| All of | ||
| Qualcomm QCA6420 Firmware | ||
| Qualcomm QCA6420 Firmware | ||
| All of | ||
| Qualcomm QCA6430 firmware | ||
| Qualcomm QCA6430 firmware | ||
| All of | ||
| qualcomm sg4150p Firmware | ||
| qualcomm sg4150p Firmware | ||
| All of | ||
| Qualcomm SA4155P | ||
| Qualcomm SA4155P | ||
| All of | ||
| Qualcomm SA6155 | ||
| Qualcomm SA6155P | ||
| All of | ||
| Qualcomm SA8155 | ||
| Qualcomm SA8155P Firmware | ||
| All of | ||
| Qualcomm SA8195P | ||
| Qualcomm SA8195P Firmware | ||
| All of | ||
| Qualcomm Snapdragon 855 | ||
| Qualcomm Snapdragon 855 | ||
| All of | ||
| Qualcomm Snapdragon 855 Firmware | ||
| Qualcomm Snapdragon 855+/860 | ||
| All of | ||
| Qualcomm Snapdragon 855+/860 firmware | ||
| Qualcomm Snapdragon 855+/860 | ||
| All of | ||
| Qualcomm Snapdragon W5+ Gen 1 Firmware | ||
| Qualcomm Snapdragon W5+ Gen 1 | ||
| All of | ||
| Qualcomm SW5100P | ||
| Qualcomm SW5100P | ||
| All of | ||
| Qualcomm SW5100 Firmware | ||
| Qualcomm SW5100 Firmware | ||
| All of | ||
| Qualcomm WCD9341 | ||
| Qualcomm WCD9341 Firmware | ||
| All of | ||
| Qualcomm Wcn3980 | ||
| Qualcomm WCN3980 | ||
| All of | ||
| Qualcomm WCN3988 Firmware | ||
| Qualcomm WCN3988 Firmware | ||
| All of | ||
| Qualcomm WSA8810 | ||
| Qualcomm WSA8810 Firmware | ||
| All of | ||
| Qualcomm WSA8815 Firmware | ||
| Qualcomm WSA8815 Firmware | ||
| All of | ||
| Qualcomm WSA8830 | ||
| Qualcomm WSA8830 | ||
| All of | ||
| Qualcomm WSA8835 | ||
| Qualcomm WSA8835 Firmware | ||
| Qualcomm AQT1000 Firmware | ||
| Qualcomm AQT1000 Firmware | ||
| Qualcomm FastConnect 6200 | ||
| Qualcomm FastConnect 6200 Firmware | ||
| Qualcomm QCA6420 Firmware | ||
| Qualcomm QCA6420 Firmware | ||
| Qualcomm QCA6430 firmware | ||
| Qualcomm QCA6430 firmware | ||
| qualcomm sg4150p Firmware | ||
| qualcomm sg4150p Firmware | ||
| Qualcomm SA4155P | ||
| Qualcomm SA4155P | ||
| Qualcomm SA6155 | ||
| Qualcomm SA6155P | ||
| Qualcomm SA8155 | ||
| Qualcomm SA8155P Firmware | ||
| Qualcomm SA8195P | ||
| Qualcomm SA8195P Firmware | ||
| Qualcomm Snapdragon 855 | ||
| Qualcomm Snapdragon 855 | ||
| Qualcomm Snapdragon 855 Firmware | ||
| Qualcomm Snapdragon 855+/860 | ||
| Qualcomm Snapdragon 855+/860 firmware | ||
| Qualcomm Snapdragon 855+/860 | ||
| Qualcomm Snapdragon W5+ Gen 1 Firmware | ||
| Qualcomm Snapdragon W5+ Gen 1 | ||
| Qualcomm SW5100P | ||
| Qualcomm SW5100P | ||
| Qualcomm SW5100 Firmware | ||
| Qualcomm SW5100 Firmware | ||
| Qualcomm WCD9341 | ||
| Qualcomm WCD9341 Firmware | ||
| Qualcomm Wcn3980 | ||
| Qualcomm WCN3980 | ||
| Qualcomm WCN3988 Firmware | ||
| Qualcomm WCN3988 Firmware | ||
| Qualcomm WSA8810 | ||
| Qualcomm WSA8810 Firmware | ||
| Qualcomm WSA8815 Firmware | ||
| Qualcomm WSA8815 Firmware | ||
| Qualcomm WSA8830 | ||
| Qualcomm WSA8830 | ||
| Qualcomm WSA8835 | ||
| Qualcomm WSA8835 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-21639?
CVE-2023-21639 is a vulnerability that causes memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.
Which software is affected by CVE-2023-21639?
Google Android, Qualcomm Fastconnect 6200 Firmware, Qualcomm Qca6420 Firmware, Qualcomm Qca6430 Firmware, Qualcomm Sa4150p Firmware, Qualcomm Sa8195p Firmware, Qualcomm Snapdragon 855 Firmware, Qualcomm Snapdragon 855+\/860 Firmware, Qualcomm Snapdragon W5+ Gen 1 Firmware, Qualcomm Wcd9341 Firmware.
What is the severity of CVE-2023-21639?
CVE-2023-21639 has a severity rating of 7.8 (high).
How can I fix CVE-2023-21639?
To fix CVE-2023-21639, it is recommended to apply the security patches provided by the vendor.
Where can I find more information about CVE-2023-21639?
You can find more information about CVE-2023-21639 at the following link: [link](https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin).
- agent/type
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/qualcomm
- canonical/qualcomm aqt1000 firmware
- canonical/qualcomm fastconnect 6200
- canonical/qualcomm fastconnect 6200 firmware
- canonical/qualcomm qca6420 firmware
- canonical/qualcomm qca6430 firmware
- canonical/qualcomm sg4150p firmware
- canonical/qualcomm sa4155p
- canonical/qualcomm sa6155
- canonical/qualcomm sa6155p
- canonical/qualcomm sa8155
- canonical/qualcomm sa8155p firmware
- canonical/qualcomm sa8195p
- canonical/qualcomm sa8195p firmware
- canonical/qualcomm snapdragon 855
- canonical/qualcomm snapdragon 855 firmware
- canonical/qualcomm snapdragon 855+/860
- canonical/qualcomm snapdragon 855+/860 firmware
- canonical/qualcomm snapdragon w5+ gen 1 firmware
- canonical/qualcomm snapdragon w5+ gen 1
- canonical/qualcomm sw5100p
- canonical/qualcomm sw5100 firmware
- canonical/qualcomm wcd9341
- canonical/qualcomm wcd9341 firmware
- canonical/qualcomm wcn3980
- canonical/qualcomm wcn3988 firmware
- canonical/qualcomm wsa8810
- canonical/qualcomm wsa8810 firmware
- canonical/qualcomm wsa8815 firmware
- canonical/qualcomm wsa8830
- canonical/qualcomm wsa8835
- canonical/qualcomm wsa8835 firmware