CVE-2023-21628

Q: What is the severity of CVE-2023-21628?

CVE-2023-21628 has a CVSS score of 8.4 (HIGH). This vulnerability allows memory corruption in Qualcomm's WLAN Hardware Abstraction Layer (HAL) when processing specific wireless commands. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm chipsets with vulnerable WLAN firmware.

8.4 HIGH

Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm's WLAN Hardware Abstraction Layer (HAL) when processing specific wireless commands. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm chipsets with vulnerable WLAN firmware.

💻 Affected Systems

Products:

Qualcomm chipsets with WLAN functionality

Versions: Specific firmware versions not publicly detailed in bulletin

Operating Systems: Android, Linux-based systems using Qualcomm WLAN

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm WLAN chips when WMI-UTF or FTM TLV1 commands are processed

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise

🟠

Likely Case

Device crash/reboot (denial of service) or limited code execution in WLAN context

🟢

If Mitigated

No impact if patched or if vulnerable commands are blocked

🌐 Internet-Facing: MEDIUM - Requires wireless proximity or network access, but no authentication needed

🏢 Internal Only: MEDIUM - Same technical risk but limited to wireless network range

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending crafted wireless commands to vulnerable WLAN interface

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to June 2023 Qualcomm security bulletin for specific firmware versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates 2. Apply Qualcomm-provided firmware patches 3. Reboot device to load new firmware

🔧 Temporary Workarounds

Disable vulnerable WLAN features

linux

Disable WMI-UTF and FTM TLV1 command processing if not required

# Requires firmware/device-specific configuration

🧯 If You Can't Patch

Segment wireless networks to limit attack surface
Monitor for unusual WLAN command patterns or device crashes

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's patched versions in June 2023 bulletin

Check Version:

# Device-specific: cat /sys/class/net/wlan0/device/firmware_version or similar

Verify Fix Applied:

Verify firmware version has been updated to post-June 2023 patched version

📡 Detection & Monitoring

Log Indicators:

WLAN driver crashes
Kernel panics related to WLAN
Unexpected device reboots

Network Indicators:

Unusual WMI-UTF or FTM TLV1 command patterns on wireless networks

SIEM Query:

Search for: (WLAN crash OR kernel panic) AND (Qualcomm OR WMI OR FTM)

📊 Metadata

CVE ID: CVE-2023-21628

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: June 6, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8017 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Apq8076 Firmware by Qualcomm

Apq8092 Firmware by Qualcomm

Apq8094 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Home Hub 100 Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8069 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Mdm8215 Firmware by Qualcomm

Mdm9215 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9310 Firmware by Qualcomm

Mdm9615 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9645 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca1023 Firmware by Qualcomm

Qca1990 Firmware by Qualcomm

Qca4010 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca4531 Firmware by Qualcomm

Qca6174 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564 Firmware by Qualcomm