CVE-2023-21642: Improper Access Control in HAB Memory Management
First published: Tue May 02 2023(Updated: )
Memory corruption in HAB Memory management due to broad system privileges via physical address.
Credit: product-security@qualcomm.com product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm Qam8295p Firmware | ||
| Qualcomm Qam8295p | ||
| Google Android | ||
| Qualcomm Qca6574au | ||
| Google Android | ||
| Qualcomm Qca6696 | ||
| Google Android | ||
| Qualcomm Sa6145p | ||
| Qualcomm Sa6150p Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sa6155p | ||
| Qualcomm Sa8145p Firmware | ||
| Qualcomm Sa8145p | ||
| Google Android | ||
| Qualcomm Sa8150p | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sa8195p Firmware | ||
| Google Android | ||
| Qualcomm Sa8295p Firmware | ||
| Qualcomm Sa8295p | ||
| Qualcomm Sa8540p Firmware | ||
| Qualcomm Sa8540p | ||
| Qualcomm Sa9000p Firmware | ||
| Qualcomm Sa9000p | ||
| All of | ||
| Qualcomm Qam8295p | ||
| Qualcomm Qam8295p Firmware | ||
| All of | ||
| Qualcomm Qca6574au | ||
| Google Android | ||
| All of | ||
| Qualcomm Qca6696 | ||
| Google Android | ||
| All of | ||
| Qualcomm Sa6145p | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Qualcomm Sa6150p Firmware | ||
| All of | ||
| Qualcomm Sa6155p | ||
| Google Android | ||
| All of | ||
| Qualcomm Sa8145p Firmware | ||
| Qualcomm Sa8145p | ||
| All of | ||
| Google Android | ||
| Qualcomm Sa8150p | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Qualcomm Sa8195p Firmware | ||
| Google Android | ||
| All of | ||
| Qualcomm Sa8295p Firmware | ||
| Qualcomm Sa8295p | ||
| All of | ||
| Qualcomm Sa8540p Firmware | ||
| Qualcomm Sa8540p | ||
| All of | ||
| Qualcomm Sa9000p Firmware | ||
| Qualcomm Sa9000p |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-21642?
CVE-2023-21642 is a vulnerability that occurs due to memory corruption in HAB Memory management on Qualcomm devices, allowing an attacker with broad system privileges via a physical address.
How does CVE-2023-21642 affect Qualcomm devices?
CVE-2023-21642 affects Qualcomm devices with Qam8295p, Qca6574au, Qca6696, Sa6145p, Sa6150p, Sa6155p, Sa8145p, Sa8150p, Sa8155p, Sa8195p, Sa8295p, Sa8540p, or Sa9000p firmware, and it can lead to memory corruption and unauthorized access.
How severe is CVE-2023-21642?
CVE-2023-21642 has a severity score of 7.8, which is considered high.
What is the official reference for CVE-2023-21642?
The official reference for CVE-2023-21642 can be found at https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin.
How can CVE-2023-21642 be fixed?
To fix CVE-2023-21642, it is recommended to apply the security patches provided by Qualcomm for the affected devices.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/qualcomm
- canonical/qualcomm qam8295p firmware
- canonical/qualcomm qam8295p
- canonical/google android
- canonical/qualcomm qca6574au
- canonical/qualcomm qca6696
- canonical/qualcomm sa6145p
- canonical/qualcomm sa6150p firmware
- canonical/qualcomm sa6155p
- canonical/qualcomm sa8145p firmware
- canonical/qualcomm sa8145p
- canonical/qualcomm sa8150p
- canonical/qualcomm sa8195p firmware
- canonical/qualcomm sa8295p firmware
- canonical/qualcomm sa8295p
- canonical/qualcomm sa8540p firmware
- canonical/qualcomm sa8540p
- canonical/qualcomm sa9000p firmware
- canonical/qualcomm sa9000p