CVE-2024-38413

EPSS 0.04%
Published 03.02.2025 17:15:17
Last modified 05.02.2025 13:58:37
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Memory corruption while processing frame packets.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800 Version-

Qualcomm ≫ Snapdragon 8 Gen 3 Mobile Firmware Version-

Qualcomm ≫ Snapdragon 8 Gen 3 Mobile Version-

Qualcomm ≫ Wcd9390 Firmware Version-

Qualcomm ≫ Wcd9390 Version-

Qualcomm ≫ Wcd9395 Firmware Version-

Qualcomm ≫ Wcd9395 Version-

Qualcomm ≫ Wsa8840 Firmware Version-

Qualcomm ≫ Wsa8840 Version-

Qualcomm ≫ Wsa8845 Firmware Version-

Qualcomm ≫ Wsa8845 Version-

Qualcomm ≫ Wsa8845h Firmware Version-

Qualcomm ≫ Wsa8845h Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.107

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	6.6	1.8	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38413

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38413

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38413

EUVD