CVE-2024-21470

EPSS 0.06%
Published 01.04.2024 15:15:49
Last modified 13.01.2025 21:54:33
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Memory corruption while allocating memory for graphics.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Aqt1000 Firmware Version-

Qualcomm ≫ Aqt1000 Version-

Qualcomm ≫ Fastconnect 6200 Firmware Version-

Qualcomm ≫ Fastconnect 6200 Version-

Qualcomm ≫ Fastconnect 6700 Firmware Version-

Qualcomm ≫ Fastconnect 6700 Version-

Qualcomm ≫ Fastconnect 6800 Firmware Version-

Qualcomm ≫ Fastconnect 6800 Version-

Qualcomm ≫ Fastconnect 6900 Firmware Version-

Qualcomm ≫ Fastconnect 6900 Version-

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800 Version-

Qualcomm ≫ Qca6391 Firmware Version-

Qualcomm ≫ Qca6391 Version-

Qualcomm ≫ Qca6420 Firmware Version-

Qualcomm ≫ Qca6420 Version-

Qualcomm ≫ Qca6430 Firmware Version-

Qualcomm ≫ Qca6430 Version-

Qualcomm ≫ Sc8180x+sdx55 Firmware Version-

Qualcomm ≫ Sc8180x+sdx55 Version-

Qualcomm ≫ Sc8380xp Firmware Version-

Qualcomm ≫ Sc8380xp Version-

Qualcomm ≫ Sm6250 Firmware Version-

Qualcomm ≫ Sm6250 Version-

Qualcomm ≫ Snapdragon 7c Compute Platform Firmware Version-

Qualcomm ≫ Snapdragon 7c Compute Platform Version-

Qualcomm ≫ Snapdragon 7c Gen 2 Compute Platform Firmware Version-

Qualcomm ≫ Snapdragon 7c Gen 2 Compute Platform Version-

Qualcomm ≫ Snapdragon 7c+ Gen 3 Compute Firmware Version-

Qualcomm ≫ Snapdragon 7c+ Gen 3 Compute Version-

Qualcomm ≫ Sc8180x-ad Firmware Version-

Qualcomm ≫ Sc8180x-ad Version-

Qualcomm ≫ Sc8180xp-ad Firmware Version-

Qualcomm ≫ Sc8180xp-ad Version-

Qualcomm ≫ Sc8180x-aaab Firmware Version-

Qualcomm ≫ Sc8180x-aaab Version-

Qualcomm ≫ Sc8180xp-acaf Firmware Version-

Qualcomm ≫ Sc8180xp-acaf Version-

Qualcomm ≫ Sc8180x-acaf Firmware Version-

Qualcomm ≫ Sc8180x-acaf Version-

Qualcomm ≫ Sc8180xp-aaab Firmware Version-

Qualcomm ≫ Sc8180xp-aaab Version-

Qualcomm ≫ Sc8280xp-abbb Firmware Version-

Qualcomm ≫ Sc8280xp-abbb Version-

Qualcomm ≫ Wcd9340 Firmware Version-

Qualcomm ≫ Wcd9340 Version-

Qualcomm ≫ Wcd9341 Firmware Version-

Qualcomm ≫ Wcd9341 Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385 Version-

Qualcomm ≫ Wsa8810 Firmware Version-

Qualcomm ≫ Wsa8810 Version-

Qualcomm ≫ Wsa8815 Firmware Version-

Qualcomm ≫ Wsa8815 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

Qualcomm ≫ Wsa8840 Firmware Version-

Qualcomm ≫ Wsa8840 Version-

Qualcomm ≫ Wsa8845 Firmware Version-

Qualcomm ≫ Wsa8845 Version-

Qualcomm ≫ Wsa8845h Firmware Version-

Qualcomm ≫ Wsa8845h Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.192

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-680 Integer Overflow to Buffer Overflow

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-21470

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21470

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21470

EUVD