CVE-2024-23377

EPSS 0.03%
Published 04.11.2024 10:15:04
Last modified 07.11.2024 19:59:06
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Wsa8845h Firmware Version-

Qualcomm ≫ Wsa8845h Version-

Qualcomm ≫ Wsa8845 Firmware Version-

Qualcomm ≫ Wsa8845 Version-

Qualcomm ≫ Wsa8840 Firmware Version-

Qualcomm ≫ Wsa8840 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

Qualcomm ≫ Wsa8832 Firmware Version-

Qualcomm ≫ Wsa8832 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wcn7880 Firmware Version-

Qualcomm ≫ Wcn7880 Version-

Qualcomm ≫ Wcn6755 Firmware Version-

Qualcomm ≫ Wcn6755 Version-

Qualcomm ≫ Wcn6650 Firmware Version-

Qualcomm ≫ Wcn6650 Version-

Qualcomm ≫ Wcd9395 Firmware Version-

Qualcomm ≫ Wcd9395 Version-

Qualcomm ≫ Wcd9390 Firmware Version-

Qualcomm ≫ Wcd9390 Version-

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385 Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcd9378 Firmware Version-

Qualcomm ≫ Wcd9378 Version-

Qualcomm ≫ Wcd9375 Firmware Version-

Qualcomm ≫ Wcd9375 Version-

Qualcomm ≫ Wcd9371 Firmware Version-

Qualcomm ≫ Wcd9371 Version-

Qualcomm ≫ Wcd9370 Firmware Version-

Qualcomm ≫ Wcd9370 Version-

Qualcomm ≫ Sxr2250p Firmware Version-

Qualcomm ≫ Sxr2250p Version-

Qualcomm ≫ Sxr2230p Firmware Version-

Qualcomm ≫ Sxr2230p Version-

Qualcomm ≫ Sxr1230p Firmware Version-

Qualcomm ≫ Sxr1230p Version-

Qualcomm ≫ Ssg2125p Firmware Version-

Qualcomm ≫ Ssg2125p Version-

Qualcomm ≫ Ssg2115p Firmware Version-

Qualcomm ≫ Ssg2115p Version-

Qualcomm ≫ Snapdragon Ar2 Gen 1 Platform Firmware Version-

Qualcomm ≫ Snapdragon Ar2 Gen 1 Platform Version-

Qualcomm ≫ Snapdragon 8+ Gen 2 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 8+ Gen 2 Mobile Platform Version-

Qualcomm ≫ Snapdragon 8 Gen 2 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 8 Gen 2 Mobile Platform Version-

Qualcomm ≫ Sm8550p Firmware Version-

Qualcomm ≫ Sm8550p Version-

Qualcomm ≫ Sm7550 Firmware Version-

Qualcomm ≫ Sm7550 Version-

Qualcomm ≫ Sm7525 Firmware Version-

Qualcomm ≫ Sm7525 Version-

Qualcomm ≫ Sg8275p Firmware Version-

Qualcomm ≫ Sg8275p Version-

Qualcomm ≫ Sg8275 Firmware Version-

Qualcomm ≫ Sg8275 Version-

Qualcomm ≫ Sd 8 Gen1 5g Firmware Version-

Qualcomm ≫ Sd 8 Gen1 5g Version-

Qualcomm ≫ Video Collaboration Vc5 Platform Firmware Version-

Qualcomm ≫ Video Collaboration Vc5 Platform Version-

Qualcomm ≫ Qcs8550 Firmware Version-

Qualcomm ≫ Qcs8550 Version-

Qualcomm ≫ Qcs8250 Firmware Version-

Qualcomm ≫ Qcs8250 Version-

Qualcomm ≫ Qcs7230 Firmware Version-

Qualcomm ≫ Qcs7230 Version-

Qualcomm ≫ Qcm8550 Firmware Version-

Qualcomm ≫ Qcm8550 Version-

Qualcomm ≫ Qca6391 Firmware Version-

Qualcomm ≫ Qca6391 Version-

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800 Version-

Qualcomm ≫ Fastconnect 6900 Firmware Version-

Qualcomm ≫ Fastconnect 6900 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.066

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-823 Use of Out-of-range Pointer Offset

The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-23377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23377

EUVD