7.8
CVE-2024-49840
- EPSS 0.02%
- Veröffentlicht 03.02.2025 17:15:20
- Zuletzt bearbeitet 05.02.2025 16:02:18
- Quelle product-security@qualcomm.com
- Teams Watchlist Login
- Unerledigt Login
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qualcomm ≫ Fastconnect 6900 Firmware Version-
Qualcomm ≫ Fastconnect 7800 Firmware Version-
Qualcomm ≫ Qcc2073 Firmware Version-
Qualcomm ≫ Qcc2076 Firmware Version-
Qualcomm ≫ Sc8380xp Firmware Version-
Qualcomm ≫ Wcd9380 Firmware Version-
Qualcomm ≫ Wcd9385 Firmware Version-
Qualcomm ≫ Wsa8840 Firmware Version-
Qualcomm ≫ Wsa8845 Firmware Version-
Qualcomm ≫ Wsa8845h Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.034 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| product-security@qualcomm.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-823 Use of Out-of-range Pointer Offset
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.