7.1
CVE-2024-21460
- EPSS 0.1%
- Veröffentlicht 01.07.2024 15:15:14
- Zuletzt bearbeitet 21.11.2024 08:54:25
- Quelle product-security@qualcomm.com
- CVE-Watchlists
- Unerledigt
LoginUse of Insufficiently Random Values in Core
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qualcomm ≫ Fastconnect 6900 Firmware Version-
Qualcomm ≫ Fastconnect 7800 Firmware Version-
Qualcomm ≫ Qcm8550 Firmware Version-
Qualcomm ≫ Qcs8550 Firmware Version-
Qualcomm ≫ Sg8275p Firmware Version-
Qualcomm ≫ Sm8550p Firmware Version-
Qualcomm ≫ Wcd9380 Firmware Version-
Qualcomm ≫ Wcd9385 Firmware Version-
Qualcomm ≫ Wcd9390 Firmware Version-
Qualcomm ≫ Wcd9395 Firmware Version-
Qualcomm ≫ Wsa8840 Firmware Version-
Qualcomm ≫ Wsa8845 Firmware Version-
Qualcomm ≫ Wsa8845h Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.284 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2 | 4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
| product-security@qualcomm.com | 7.1 | 2.5 | 4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.