CVE-2023-21656

Q: What is the severity of CVE-2023-21656?

CVE-2023-21656 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in Qualcomm WLAN HOST drivers when processing WMI events from firmware. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices using vulnerable Qualcomm WLAN chipsets.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm WLAN HOST drivers when processing WMI events from firmware. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices using vulnerable Qualcomm WLAN chipsets.

💻 Affected Systems

Products:

Qualcomm WLAN chipsets and associated drivers

Versions: Multiple Qualcomm chipsets and driver versions prior to June 2023 patches

Operating Systems: Android, Linux, and other OS using Qualcomm WLAN drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects mobile devices, IoT devices, and networking equipment using vulnerable Qualcomm WLAN components

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete system compromise

🟠

Likely Case

System crash/denial of service or limited code execution

🟢

If Mitigated

Denial of service with proper memory protections

🌐 Internet-Facing: MEDIUM - Requires proximity or network access to target WLAN

🏢 Internal Only: MEDIUM - Internal attackers could exploit via local network

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending crafted WMI events to vulnerable WLAN interface

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Qualcomm security bulletin June 2023 patches

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates 2. Apply Qualcomm-provided patches 3. Update WLAN firmware and drivers 4. Reboot device

🔧 Temporary Workarounds

Disable vulnerable WLAN features

linux

Disable WMI event processing if not required

Network segmentation

all

Isolate devices with vulnerable WLAN chipsets

🧯 If You Can't Patch

Implement strict network access controls to WLAN interfaces
Monitor for abnormal WMI event patterns and system crashes

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset version and driver dates against June 2023 security bulletin

Check Version:

For Android: adb shell getprop ro.boot.wlan.chip; For Linux: modinfo wlan_module_name | grep version

Verify Fix Applied:

Verify Qualcomm driver version has been updated post-June 2023

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
WLAN driver crash reports
Memory corruption errors in system logs

Network Indicators:

Abnormal WMI event patterns to WLAN interfaces
Unexpected firmware communications

SIEM Query:

source="kernel" AND ("panic" OR "oops") AND "wlan" OR source="system" AND "qualcomm" AND "wmi"

📊 Metadata

CVE ID: CVE-2023-21656

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: June 6, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc2073 Firmware by Qualcomm

Qcc2076 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd835 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdm429 Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sm4250 Aa Firmware by Qualcomm

Sm4350 Ac Firmware by Qualcomm

Sm4350 Firmware by Qualcomm

Sm4375 Firmware by Qualcomm

Sm4450 Firmware by Qualcomm

Sm6225 Ad Firmware by Qualcomm

Sm6225 Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325 Ae Firmware by Qualcomm

Sm7325 Af Firmware by Qualcomm

Sm7325 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Sm7350 Ab Firmware by Qualcomm

Sm8250 Ab Firmware by Qualcomm

Sm8250 Ac Firmware by Qualcomm