6.7
CVE-2024-23378
- EPSS 0.03%
- Published 07.10.2024 13:15:11
- Last modified 16.10.2024 20:00:29
- Source product-security@qualcomm.com
- Teams watchlist Login
- Open Login
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.
Data is provided by the National Vulnerability Database (NVD)
Qualcomm ≫ Srv1m Firmware Version-
Qualcomm ≫ Srv1h Firmware Version-
Qualcomm ≫ Sa9000p Firmware Version-
Qualcomm ≫ Sa8775p Firmware Version-
Qualcomm ≫ Sa8770p Firmware Version-
Qualcomm ≫ Sa8650p Firmware Version-
Qualcomm ≫ Sa8620p Firmware Version-
Qualcomm ≫ Sa8255p Firmware Version-
Qualcomm ≫ Sa7775p Firmware Version-
Qualcomm ≫ Sa7255p Firmware Version-
Qualcomm ≫ Qca6698aq Firmware Version-
Qualcomm ≫ Qca6584au Firmware Version-
Qualcomm ≫ Qamsrv1m Firmware Version-
Qualcomm ≫ Qamsrv1h Firmware Version-
Qualcomm ≫ Qam8775p Firmware Version-
Qualcomm ≫ Qam8650p Firmware Version-
Qualcomm ≫ Qam8255p Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.064 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| product-security@qualcomm.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.