What is CVE-2023-21671?

CVE-2023-21671 is a vulnerability that involves improper input validation in Core, resulting in memory corruption during the syscall for Sectools Fuse comparison feature.

Which software are affected by CVE-2023-21671?

The following software are affected by CVE-2023-21671: Qualcomm Fastconnect 6700 Firmware, Qualcomm Fastconnect 6900 Firmware, Google Android, Qualcomm QCA6391 Firmware, Qualcomm QCM6490 Firmware, Qualcomm QCS6490 Firmware, Qualcomm Qsm8350 Firmware, Qualcomm Qualcomm Video Collaboration VC3 Platform Firmware, Qualcomm Snapdragon 778g 5g Mobile Platform Firmware, Qualcomm Snapdragon 778g+ 5g Mobile Platform Firmware, Qualcomm Snapdragon 780g 5g Mobile Platform Firmware, Qualcomm Snapdragon 782g Mobile Platform Firmware, Qualcomm Snapdragon 7c+ Gen 3 Compute Firmware, Qualcomm Snapdragon 888 5g Mobile Platform Firmware, Qualcomm Snapdragon 888+ 5g Mobile Platform Firmware, Qualcomm Wcd9370 Firmware, Qualcomm Wcd9375 Firmware, Qualcomm Wcd9380 Firmware, Qualcomm Wcd9385 Firmware, Qualcomm Wcn6740 Firmware, Qualcomm Wsa8830 Firmware, Qualcomm Wsa8835 Firmware.

What is the severity of CVE-2023-21671?

The severity of CVE-2023-21671 is critical with a severity value of 9.3.

How does CVE-2023-21671 impact the affected software?

CVE-2023-21671 can lead to memory corruption in the affected software, specifically during the syscall for the Sectools Fuse comparison feature.

How can I fix CVE-2023-21671?

To fix CVE-2023-21671, it is recommended to apply the necessary security updates provided by the software vendor. Please refer to the vendor's security bulletin for more information.

Vulnerability/
CVE-2023-21671

critical

9.3

CWE

6/11/2023

7/11/2023

27/2/2025

CVE-2023-21671: Improper Input Validation in Core

First published: Mon Nov 06 2023(Updated: )

Memory Corruption in Core during syscall for Sectools Fuse comparison feature.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Android
All of
Qualcomm FastConnect 6700 Firmware
Qualcomm Fastconnect 6700
All of
Qualcomm FastConnect 6900 Firmware
Qualcomm Fastconnect 6900 Firmware
All of
Qualcomm QCA6391 Firmware
Qualcomm QCA6391 Firmware
All of
Qualcomm QCM6490
Qualcomm QCM6490 Firmware
All of
Qualcomm QCS6490 Firmware
Qualcomm QCS6490 Firmware
All of
Qualcomm SM8350 Firmware
Qualcomm QSM8350 Firmware
All of
Qualcomm Video Collaboration VC3 Platform Firmware
Qualcomm Video Collaboration VC3 Platform
All of
Qualcomm Snapdragon 888 Firmware
Qualcomm Snapdragon 888 Firmware
All of
Qualcomm SM7315
Qualcomm SM7315 Firmware
All of
Qualcomm SM7325P Firmware
Qualcomm SM7325P Firmware
All of
Qualcomm Snapdragon 778G 5G Mobile Firmware
Qualcomm Snapdragon 778G+ 5G
All of
Qualcomm Snapdragon 778G+ 5G Mobile Platform Firmware
Qualcomm Snapdragon 778G+ 5G Mobile Platform
All of
Qualcomm Snapdragon 780G 5G Mobile Firmware
Qualcomm Snapdragon 780G 5G Mobile Platform Firmware
All of
Qualcomm Snapdragon 782G Mobile Platform
Qualcomm Snapdragon 782G Mobile Platform Firmware
All of
Qualcomm Snapdragon 7c+ Gen 3 Compute Firmware
Qualcomm Snapdragon 7c+ Gen 3 Compute
All of
Qualcomm Snapdragon 888+ 5G Mobile Platform Firmware
Qualcomm Snapdragon 888 5G Mobile
All of
Qualcomm Snapdragon 888+ 5G Mobile Platform Firmware
Qualcomm Snapdragon 888+ 5G Mobile Platform
All of
Qualcomm WCD9370 Firmware
Qualcomm WCD9370 Firmware
All of
Qualcomm WCD9375
Qualcomm WCD9375 Firmware
All of
Qualcomm WCD9380
Qualcomm WCD9380 Firmware
All of
Qualcomm WCD9385
Qualcomm WCD9385 Firmware
All of
Qualcomm WCN6740 Firmware
Qualcomm WCN6740 Firmware
All of
Qualcomm WSA8830
Qualcomm WSA8830
All of
Qualcomm WSA8835
Qualcomm WSA8835 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-21671?
CVE-2023-21671 is a vulnerability that involves improper input validation in Core, resulting in memory corruption during the syscall for Sectools Fuse comparison feature.
Which software are affected by CVE-2023-21671?
The following software are affected by CVE-2023-21671: Qualcomm Fastconnect 6700 Firmware, Qualcomm Fastconnect 6900 Firmware, Google Android, Qualcomm QCA6391 Firmware, Qualcomm QCM6490 Firmware, Qualcomm QCS6490 Firmware, Qualcomm Qsm8350 Firmware, Qualcomm Qualcomm Video Collaboration VC3 Platform Firmware, Qualcomm Snapdragon 778g 5g Mobile Platform Firmware, Qualcomm Snapdragon 778g+ 5g Mobile Platform Firmware, Qualcomm Snapdragon 780g 5g Mobile Platform Firmware, Qualcomm Snapdragon 782g Mobile Platform Firmware, Qualcomm Snapdragon 7c+ Gen 3 Compute Firmware, Qualcomm Snapdragon 888 5g Mobile Platform Firmware, Qualcomm Snapdragon 888+ 5g Mobile Platform Firmware, Qualcomm Wcd9370 Firmware, Qualcomm Wcd9375 Firmware, Qualcomm Wcd9380 Firmware, Qualcomm Wcd9385 Firmware, Qualcomm Wcn6740 Firmware, Qualcomm Wsa8830 Firmware, Qualcomm Wsa8835 Firmware.
What is the severity of CVE-2023-21671?
The severity of CVE-2023-21671 is critical with a severity value of 9.3.
How does CVE-2023-21671 impact the affected software?
CVE-2023-21671 can lead to memory corruption in the affected software, specifically during the syscall for the Sectools Fuse comparison feature.
How can I fix CVE-2023-21671?
To fix CVE-2023-21671, it is recommended to apply the necessary security updates provided by the software vendor. Please refer to the vendor's security bulletin for more information.

agent/type
agent/author
agent/references
agent/severity
agent/title
agent/description
agent/first-publish-date
agent/weakness
agent/event
agent/source
collector/android-source
source/Android
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/google
canonical/android
vendor/qualcomm
canonical/qualcomm fastconnect 6700 firmware
canonical/qualcomm fastconnect 6700
canonical/qualcomm fastconnect 6900 firmware
canonical/qualcomm qca6391 firmware
canonical/qualcomm qcm6490
canonical/qualcomm qcm6490 firmware
canonical/qualcomm qcs6490 firmware
canonical/qualcomm sm8350 firmware
canonical/qualcomm qsm8350 firmware
canonical/qualcomm video collaboration vc3 platform firmware
canonical/qualcomm video collaboration vc3 platform
canonical/qualcomm snapdragon 888 firmware
canonical/qualcomm sm7315
canonical/qualcomm sm7315 firmware
canonical/qualcomm sm7325p firmware
canonical/qualcomm snapdragon 778g 5g mobile firmware
canonical/qualcomm snapdragon 778g+ 5g
canonical/qualcomm snapdragon 778g+ 5g mobile platform firmware
canonical/qualcomm snapdragon 778g+ 5g mobile platform
canonical/qualcomm snapdragon 780g 5g mobile firmware
canonical/qualcomm snapdragon 780g 5g mobile platform firmware
canonical/qualcomm snapdragon 782g mobile platform
canonical/qualcomm snapdragon 782g mobile platform firmware
canonical/qualcomm snapdragon 7c+ gen 3 compute firmware
canonical/qualcomm snapdragon 7c+ gen 3 compute
canonical/qualcomm snapdragon 888+ 5g mobile platform firmware
canonical/qualcomm snapdragon 888 5g mobile
canonical/qualcomm snapdragon 888+ 5g mobile platform
canonical/qualcomm wcd9370 firmware
canonical/qualcomm wcd9375
canonical/qualcomm wcd9375 firmware
canonical/qualcomm wcd9380
canonical/qualcomm wcd9380 firmware
canonical/qualcomm wcd9385
canonical/qualcomm wcd9385 firmware
canonical/qualcomm wcn6740 firmware
canonical/qualcomm wsa8830
canonical/qualcomm wsa8835
canonical/qualcomm wsa8835 firmware