CVE-2024-23370

MEDIUM EPSS 1.5%
Published Oct 7, 20241y ago · Modified Jun 17, 20262w ago
6.7 CVSS 3.1
Medium
Find Similar
Published Oct 7, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.

CVSS Details

Base Score
6.7
Exploitability
0.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
1.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 22

VendorProductVersionRange
qualcommwsa8835_firmware*any
qualcommwsa8835*any
qualcommwsa8830_firmware*any
qualcommwsa8830*any
qualcommwcn3988_firmware*any
qualcommwcn3988*any
qualcommwcn3980_firmware*any
qualcommwcn3980*any
qualcommsw5100p_firmware*any
qualcommsw5100p*any
qualcommsw5100_firmware*any
qualcommsw5100*any
qualcommsnapdragon_auto_5g_modem-rf_gen_2_firmware*any
qualcommsnapdragon_auto_5g_modem-rf_gen_2*any
qualcommqca9377_firmware*any
qualcommqca9377*any
qualcommqca9367_firmware*any
qualcommqca9367*any
qualcommqca6698aq_firmware*any
qualcommqca6698aq*any
qualcommqca6584au_firmware*any
qualcommqca6584au*any

References 1

  • docs.qualcomm.com https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.