CVE-2023-21671: Improper Input Validation in Core
First published: Mon Nov 06 2023(Updated: )
Memory Corruption in Core during syscall for Sectools Fuse comparison feature.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| All of | ||
| Qualcomm Fastconnect 6700 Firmware | ||
| Qualcomm Fastconnect 6700 | ||
| All of | ||
| Qualcomm Fastconnect 6900 Firmware | ||
| Qualcomm Fastconnect 6900 | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Qualcomm Qsm8350 Firmware | ||
| Qualcomm Qsm8350 | ||
| All of | ||
| Qualcomm Qualcomm Video Collaboration Vc3 Platform Firmware | ||
| Qualcomm Qualcomm Video Collaboration Vc3 Platform | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Qualcomm Sm7315 | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Qualcomm Snapdragon 778g 5g Mobile Platform Firmware | ||
| Qualcomm Snapdragon 778g 5g Mobile Platform | ||
| All of | ||
| Qualcomm Snapdragon 778g\+ 5g Mobile Platform Firmware | ||
| Qualcomm Snapdragon 778g\+ 5g Mobile Platform | ||
| All of | ||
| Qualcomm Snapdragon 780g 5g Mobile Platform Firmware | ||
| Qualcomm Snapdragon 780g 5g Mobile Platform | ||
| All of | ||
| Qualcomm Snapdragon 782g Mobile Platform Firmware | ||
| Qualcomm Snapdragon 782g Mobile Platform | ||
| All of | ||
| Qualcomm Snapdragon 7c\+ Gen 3 Compute Firmware | ||
| Qualcomm Snapdragon 7c\+ Gen 3 Compute | ||
| All of | ||
| Qualcomm Snapdragon 888 5g Mobile Platform Firmware | ||
| Qualcomm Snapdragon 888 5g Mobile Platform | ||
| All of | ||
| Qualcomm Snapdragon 888\+ 5g Mobile Platform Firmware | ||
| Qualcomm Snapdragon 888\+ 5g Mobile Platform | ||
| All of | ||
| Qualcomm Wcd9370 Firmware | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Qualcomm Wcn6740 | ||
| All of | ||
| Google Android | ||
| Google Android | ||
| All of | ||
| Google Android | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-21671?
CVE-2023-21671 is a vulnerability that involves improper input validation in Core, resulting in memory corruption during the syscall for Sectools Fuse comparison feature.
Which software are affected by CVE-2023-21671?
The following software are affected by CVE-2023-21671: Qualcomm Fastconnect 6700 Firmware, Qualcomm Fastconnect 6900 Firmware, Google Android, Qualcomm QCA6391 Firmware, Qualcomm QCM6490 Firmware, Qualcomm QCS6490 Firmware, Qualcomm Qsm8350 Firmware, Qualcomm Qualcomm Video Collaboration VC3 Platform Firmware, Qualcomm Snapdragon 778g 5g Mobile Platform Firmware, Qualcomm Snapdragon 778g+ 5g Mobile Platform Firmware, Qualcomm Snapdragon 780g 5g Mobile Platform Firmware, Qualcomm Snapdragon 782g Mobile Platform Firmware, Qualcomm Snapdragon 7c+ Gen 3 Compute Firmware, Qualcomm Snapdragon 888 5g Mobile Platform Firmware, Qualcomm Snapdragon 888+ 5g Mobile Platform Firmware, Qualcomm Wcd9370 Firmware, Qualcomm Wcd9375 Firmware, Qualcomm Wcd9380 Firmware, Qualcomm Wcd9385 Firmware, Qualcomm Wcn6740 Firmware, Qualcomm Wsa8830 Firmware, Qualcomm Wsa8835 Firmware.
What is the severity of CVE-2023-21671?
The severity of CVE-2023-21671 is critical with a severity value of 9.3.
How does CVE-2023-21671 impact the affected software?
CVE-2023-21671 can lead to memory corruption in the affected software, specifically during the syscall for the Sectools Fuse comparison feature.
How can I fix CVE-2023-21671?
To fix CVE-2023-21671, it is recommended to apply the necessary security updates provided by the software vendor. Please refer to the vendor's security bulletin for more information.
- agent/type
- agent/author
- agent/references
- agent/severity
- agent/title
- agent/softwarecombine
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/nvd-api
- source/NVD
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm fastconnect 6700 firmware
- canonical/qualcomm fastconnect 6700
- canonical/qualcomm fastconnect 6900 firmware
- canonical/qualcomm fastconnect 6900
- canonical/qualcomm qsm8350 firmware
- canonical/qualcomm qsm8350
- canonical/qualcomm qualcomm video collaboration vc3 platform firmware
- canonical/qualcomm qualcomm video collaboration vc3 platform
- canonical/qualcomm sm7315
- canonical/qualcomm snapdragon 778g 5g mobile platform firmware
- canonical/qualcomm snapdragon 778g 5g mobile platform
- canonical/qualcomm snapdragon 778g\+ 5g mobile platform firmware
- canonical/qualcomm snapdragon 778g\+ 5g mobile platform
- canonical/qualcomm snapdragon 780g 5g mobile platform firmware
- canonical/qualcomm snapdragon 780g 5g mobile platform
- canonical/qualcomm snapdragon 782g mobile platform firmware
- canonical/qualcomm snapdragon 782g mobile platform
- canonical/qualcomm snapdragon 7c\+ gen 3 compute firmware
- canonical/qualcomm snapdragon 7c\+ gen 3 compute
- canonical/qualcomm snapdragon 888 5g mobile platform firmware
- canonical/qualcomm snapdragon 888 5g mobile platform
- canonical/qualcomm snapdragon 888\+ 5g mobile platform firmware
- canonical/qualcomm snapdragon 888\+ 5g mobile platform
- canonical/qualcomm wcd9370 firmware
- canonical/qualcomm wcn6740