6.7

CVE-2024-23370

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommWsa8835 Firmware Version-
   QualcommWsa8835 Version-
QualcommWsa8830 Firmware Version-
   QualcommWsa8830 Version-
QualcommWcn3988 Firmware Version-
   QualcommWcn3988 Version-
QualcommWcn3980 Firmware Version-
   QualcommWcn3980 Version-
QualcommSw5100p Firmware Version-
   QualcommSw5100p Version-
QualcommSw5100 Firmware Version-
   QualcommSw5100 Version-
QualcommQca9377 Firmware Version-
   QualcommQca9377 Version-
QualcommQca9367 Firmware Version-
   QualcommQca9367 Version-
QualcommQca6698aq Firmware Version-
   QualcommQca6698aq Version-
QualcommQca6584au Firmware Version-
   QualcommQca6584au Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.064
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
product-security@qualcomm.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.