CVE-2024-38407

EPSS 0.16%
Veröffentlicht 04.11.2024 10:15:07
Zuletzt bearbeitet 07.11.2024 19:39:59
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

Time-of-check Time-of-use (TOCTOU) Race Condition in Camera

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 44 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Aqt1000 Firmware Version-

Qualcomm ≫ Aqt1000 Version-

Qualcomm ≫ Fastconnect 6200 Firmware Version-

Qualcomm ≫ Fastconnect 6200 Version-

Qualcomm ≫ Fastconnect 6700 Firmware Version-

Qualcomm ≫ Fastconnect 6700 Version-

Qualcomm ≫ Fastconnect 6800 Firmware Version-

Qualcomm ≫ Fastconnect 6800 Version-

Qualcomm ≫ Fastconnect 6900 Firmware Version-

Qualcomm ≫ Fastconnect 6900 Version-

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800 Version-

Qualcomm ≫ Qca6391 Firmware Version-

Qualcomm ≫ Qca6391 Version-

Qualcomm ≫ Qca6420 Firmware Version-

Qualcomm ≫ Qca6420 Version-

Qualcomm ≫ Qca6430 Firmware Version-

Qualcomm ≫ Qca6430 Version-

Qualcomm ≫ Qcm5430 Firmware Version-

Qualcomm ≫ Qcm5430 Version-

Qualcomm ≫ Qcm6490 Firmware Version-

Qualcomm ≫ Qcm6490 Version-

Qualcomm ≫ Qcs5430 Firmware Version-

Qualcomm ≫ Qcs5430 Version-

Qualcomm ≫ Qcs6490 Firmware Version-

Qualcomm ≫ Qcs6490 Version-

Qualcomm ≫ Sc8180x+sdx55 Firmware Version-

Qualcomm ≫ Sc8180x+sdx55 Version-

Qualcomm ≫ Sc8380xp Firmware Version-

Qualcomm ≫ Sc8380xp Version-

Qualcomm ≫ Sdm429w Firmware Version-

Qualcomm ≫ Sdm429w Version-

Qualcomm ≫ Sm6250 Firmware Version-

Qualcomm ≫ Sm6250 Version-

Qualcomm ≫ Snapdragon 429 Mobile Platform Firmware Version-

Qualcomm ≫ Snapdragon 429 Mobile Platform Version-

Qualcomm ≫ Snapdragon 7c+ Gen 3 Compute Firmware Version-

Qualcomm ≫ Snapdragon 7c+ Gen 3 Compute Version-

Qualcomm ≫ Snapdragon 7c Compute Platform Firmware Version-

Qualcomm ≫ Snapdragon 7c Compute Platform Version-

Qualcomm ≫ Snapdragon 7c Gen 2 Compute Platform (sc7180-ad) "rennell Pro" Firmware Version-

Qualcomm ≫ Snapdragon 7c Gen 2 Compute Platform (sc7180-ad) "rennell Pro" Version-

Qualcomm ≫ Snapdragon 8c Compute Platform (sc8180x-ad) "poipu Lite" Firmware Version-

Qualcomm ≫ Snapdragon 8c Compute Platform (sc8180x-ad) "poipu Lite" Version-

Qualcomm ≫ Snapdragon 8c Compute Platform (sc8180xp-ad) "poipu Lite" Firmware Version-

Qualcomm ≫ Snapdragon 8c Compute Platform (sc8180xp-ad) "poipu Lite" Version-

Qualcomm ≫ Snapdragon 8cx Compute Platform (sc8180x-aa, Ab) Firmware Version-

Qualcomm ≫ Snapdragon 8cx Compute Platform (sc8180x-aa, Ab) Version-

Qualcomm ≫ Snapdragon 8cx Compute Platform (sc8180xp-ac, Af) "poipu Pro" Firmware Version-

Qualcomm ≫ Snapdragon 8cx Compute Platform (sc8180xp-ac, Af) "poipu Pro" Version-

Qualcomm ≫ Snapdragon 8cx Gen 2 5g Compute Platform (sc8180x-ac, Af) "poipu Pro" Firmware Version-

Qualcomm ≫ Snapdragon 8cx Gen 2 5g Compute Platform (sc8180x-ac, Af) "poipu Pro" Version-

Qualcomm ≫ Snapdragon 8cx Gen 2 5g Compute Platform (sc8180xp-aa, Ab) Firmware Version-

Qualcomm ≫ Snapdragon 8cx Gen 2 5g Compute Platform (sc8180xp-aa, Ab) Version-

Qualcomm ≫ Snapdragon 8cx Gen 3 Compute Platform (sc8280xp-ab, Bb) Firmware Version-

Qualcomm ≫ Snapdragon 8cx Gen 3 Compute Platform (sc8280xp-ab, Bb) Version-

Qualcomm ≫ Video Collaboration Vc3 Platform Firmware Version-

Qualcomm ≫ Video Collaboration Vc3 Platform Version-

Qualcomm ≫ Wcd9340 Firmware Version-

Qualcomm ≫ Wcd9340 Version-

Qualcomm ≫ Wcd9341 Firmware Version-

Qualcomm ≫ Wcd9341 Version-

Qualcomm ≫ Wcd9370 Firmware Version-

Qualcomm ≫ Wcd9370 Version-

Qualcomm ≫ Wcd9375 Firmware Version-

Qualcomm ≫ Wcd9375 Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385 Version-

Qualcomm ≫ Wcn3620 Firmware Version-

Qualcomm ≫ Wcn3620 Version-

Qualcomm ≫ Wcn3660b Firmware Version-

Qualcomm ≫ Wcn3660b Version-

Qualcomm ≫ Wsa8810 Firmware Version-

Qualcomm ≫ Wsa8810 Version-

Qualcomm ≫ Wsa8815 Firmware Version-

Qualcomm ≫ Wsa8815 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

Qualcomm ≫ Wsa8840 Firmware Version-

Qualcomm ≫ Wsa8840 Version-

Qualcomm ≫ Wsa8845 Firmware Version-

Qualcomm ≫ Wsa8845 Version-

Qualcomm ≫ Wsa8845h Firmware Version-

Qualcomm ≫ Wsa8845h Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.368

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38407

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38407

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38407

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-38407