6.5

CVE-2024-23350

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

Data is provided by the National Vulnerability Database (NVD)
QualcommWsa8845h Firmware Version-
   QualcommWsa8845h Version-
QualcommWsa8845 Firmware Version-
   QualcommWsa8845 Version-
QualcommWsa8840 Firmware Version-
   QualcommWsa8840 Version-
QualcommWcd9395 Firmware Version-
   QualcommWcd9395 Version-
QualcommWcd9390 Firmware Version-
   QualcommWcd9390 Version-
QualcommWcd9340 Firmware Version-
   QualcommWcd9340 Version-
QualcommQfw7124 Firmware Version-
   QualcommQfw7124 Version-
QualcommQfw7114 Firmware Version-
   QualcommQfw7114 Version-
QualcommQep8111 Firmware Version-
   QualcommQep8111 Version-
QualcommQcn6274 Firmware Version-
   QualcommQcn6274 Version-
QualcommQcn6224 Firmware Version-
   QualcommQcn6224 Version-
QualcommQcc710 Firmware Version-
   QualcommQcc710 Version-
QualcommQca8337 Firmware Version-
   QualcommQca8337 Version-
QualcommQca8081 Firmware Version-
   QualcommQca8081 Version-
QualcommQca6698aq Firmware Version-
   QualcommQca6698aq Version-
QualcommQca6584au Firmware Version-
   QualcommQca6584au Version-
QualcommQca6174a Firmware Version-
   QualcommQca6174a Version-
QualcommAr8035 Firmware Version-
   QualcommAr8035 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.119
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
product-security@qualcomm.com 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.