7.8

CVE-2024-21455

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

Data is provided by the National Vulnerability Database (NVD)
QualcommWsa8815 Firmware Version-
   QualcommWsa8815 Version-
QualcommWsa8810 Firmware Version-
   QualcommWsa8810 Version-
QualcommWcn3980 Firmware Version-
   QualcommWcn3980 Version-
QualcommWcn3950 Firmware Version-
   QualcommWcn3950 Version-
QualcommWcd9375 Firmware Version-
   QualcommWcd9375 Version-
QualcommWcd9370 Firmware Version-
   QualcommWcd9370 Version-
QualcommSg4150p Firmware Version-
   QualcommSg4150p Version-
QualcommSa8295p Firmware Version-
   QualcommSa8295p Version-
QualcommQcs6125 Firmware Version-
   QualcommQcs6125 Version-
QualcommQcm6125 Firmware Version-
   QualcommQcm6125 Version-
QualcommQca6698aq Firmware Version-
   QualcommQca6698aq Version-
QualcommQca6696 Firmware Version-
   QualcommQca6696 Version-
QualcommQca6688aq Firmware Version-
   QualcommQca6688aq Version-
QualcommQca6595 Firmware Version-
   QualcommQca6595 Version-
QualcommQca6584au Firmware Version-
   QualcommQca6584au Version-
QualcommQam8295p Firmware Version-
   QualcommQam8295p Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.039
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
product-security@qualcomm.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-822 Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.