CVE-2023-21662

Q: What is the severity of CVE-2023-21662?

CVE-2023-21662 has a CVSS score of 7.8 (HIGH). CVE-2023-21662 is a memory corruption vulnerability in Qualcomm's Core Platform that occurs while printing response buffers in logs. This buffer overflow vulnerability could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects devices using Qualcomm chipsets across various product categories.

7.8 HIGH

Buffer Overflow

📋 TL;DR

CVE-2023-21662 is a memory corruption vulnerability in Qualcomm's Core Platform that occurs while printing response buffers in logs. This buffer overflow vulnerability could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects devices using Qualcomm chipsets across various product categories.

💻 Affected Systems

Products:

Qualcomm Core Platform components
Various Qualcomm-based devices and chipsets

Versions: Multiple Qualcomm platform versions prior to September 2023 patches

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Specific affected products and versions detailed in Qualcomm's September 2023 security bulletin

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Application crashes, denial of service, or limited information disclosure through memory leaks

🟢

If Mitigated

System stability maintained with proper memory protections and exploit mitigations enabled

🌐 Internet-Facing: MEDIUM - Requires specific conditions to be triggered remotely, but could affect network-facing services

🏢 Internal Only: MEDIUM - Local exploitation possible through malicious applications or compromised processes

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering the specific logging condition with crafted input

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches included in Qualcomm's September 2023 security updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for available updates 2. Apply Qualcomm September 2023 security patches 3. Reboot device after patch installation

🔧 Temporary Workarounds

Disable verbose logging

all

Reduce logging verbosity to minimize exposure to the vulnerable code path

# System-specific logging configuration required
# Consult device manufacturer documentation

🧯 If You Can't Patch

Implement strict input validation and sanitization for all logging inputs
Enable exploit mitigations like ASLR, DEP, and stack canaries where available

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's September 2023 security bulletin

Check Version:

# Device-specific commands vary by manufacturer
# Example for Android: adb shell getprop ro.build.fingerprint

Verify Fix Applied:

Verify that September 2023 or later Qualcomm security patches are installed

📡 Detection & Monitoring

Log Indicators:

Unexpected application crashes during logging operations
Memory access violation errors in system logs

Network Indicators:

Unusual network traffic patterns from affected devices

SIEM Query:

source="system_logs" AND ("segmentation fault" OR "memory corruption" OR "buffer overflow") AND process="*log*"

📊 Metadata

CVE ID: CVE-2023-21662

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: September 5, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5018 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6122 Firmware by Qualcomm

Qcn6132 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9022 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9070 Firmware by Qualcomm

Qcn9072 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcn9100 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Qcs603 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8155 Firmware by Qualcomm

Qrb5165 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd 8cx Firmware by Qualcomm