1. Home
  2. CVE Database
  3. CVE-2023-21651
CRITICAL · 9.3

CVE-2023-21651

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Vulnerability Description

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommAqt1000 Firmware-
QualcommAqt1000-
QualcommAr8031 Firmware-
QualcommAr8031-
QualcommAr8035 Firmware-
QualcommAr8035-
QualcommCsra6620 Firmware-
QualcommCsra6620-
QualcommCsra6640 Firmware-
QualcommCsra6640-
QualcommMdm9205 Firmware-
QualcommMdm9205-
QualcommQam8295P Firmware-
QualcommQam8295P-
QualcommQca4004 Firmware-
QualcommQca4004-
QualcommQca6174A Firmware-
QualcommQca6174A-
QualcommQca6310 Firmware-
QualcommQca6310-

Related Weaknesses (CWE)

CWE-704

References

FAQ

What is CVE-2023-21651?

CVE-2023-21651 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

How severe is CVE-2023-21651?

CVE-2023-21651 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-21651?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Aqt1000 Firmware, Qualcomm Aqt1000, Qualcomm Ar8031 Firmware, Qualcomm Ar8031, Qualcomm Ar8035 Firmware.