6.7

CVE-2024-23376

Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call.

Data is provided by the National Vulnerability Database (NVD)
QualcommWsa8835 Firmware Version-
   QualcommWsa8835 Version-
QualcommWsa8830 Firmware Version-
   QualcommWsa8830 Version-
QualcommWcn3988 Firmware Version-
   QualcommWcn3988 Version-
QualcommWcn3980 Firmware Version-
   QualcommWcn3980 Version-
QualcommWcd9380 Firmware Version-
   QualcommWcd9380 Version-
QualcommSw5100p Firmware Version-
   QualcommSw5100p Version-
QualcommSw5100 Firmware Version-
   QualcommSw5100 Version-
QualcommSa8195p Firmware Version-
   QualcommSa8195p Version-
QualcommSa8155p Firmware Version-
   QualcommSa8155p Version-
QualcommSa8150p Firmware Version-
   QualcommSa8150p Version-
QualcommSa8145p Firmware Version-
   QualcommSa8145p Version-
QualcommSa6155p Firmware Version-
   QualcommSa6155p Version-
QualcommSa6150p Firmware Version-
   QualcommSa6150p Version-
QualcommSa6145p Firmware Version-
   QualcommSa6145p Version-
QualcommQca6696 Firmware Version-
   QualcommQca6696 Version-
QualcommQca6574au Firmware Version-
   QualcommQca6574au Version-
QualcommQca6174a Firmware Version-
   QualcommQca6174a Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.064
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
product-security@qualcomm.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.