CVE-2024-23377
MEDIUM EPSS 1.2%
Published Nov 4, 20241y ago · Modified Jun 17, 20262w ago
6.7 CVSS 3.1
Published Nov 4, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
1.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-823
Affected Products 78
| Vendor | Product | Version | Range |
|---|---|---|---|
| qualcomm | wsa8845h_firmware | * | any |
| qualcomm | wsa8845h | * | any |
| qualcomm | wsa8845_firmware | * | any |
| qualcomm | wsa8845 | * | any |
| qualcomm | wsa8840_firmware | * | any |
| qualcomm | wsa8840 | * | any |
| qualcomm | wsa8835_firmware | * | any |
| qualcomm | wsa8835 | * | any |
| qualcomm | wsa8832_firmware | * | any |
| qualcomm | wsa8832 | * | any |
| qualcomm | wsa8830_firmware | * | any |
| qualcomm | wsa8830 | * | any |
| qualcomm | wcn7880_firmware | * | any |
| qualcomm | wcn7880 | * | any |
| qualcomm | wcn6755_firmware | * | any |
| qualcomm | wcn6755 | * | any |
| qualcomm | wcn6650_firmware | * | any |
| qualcomm | wcn6650 | * | any |
| qualcomm | wcd9395_firmware | * | any |
| qualcomm | wcd9395 | * | any |
| qualcomm | wcd9390_firmware | * | any |
| qualcomm | wcd9390 | * | any |
| qualcomm | wcd9385_firmware | * | any |
| qualcomm | wcd9385 | * | any |
| qualcomm | wcd9380_firmware | * | any |
| qualcomm | wcd9380 | * | any |
| qualcomm | wcd9378_firmware | * | any |
| qualcomm | wcd9378 | * | any |
| qualcomm | wcd9375_firmware | * | any |
| qualcomm | wcd9375 | * | any |
| qualcomm | wcd9371_firmware | * | any |
| qualcomm | wcd9371 | * | any |
| qualcomm | wcd9370_firmware | * | any |
| qualcomm | wcd9370 | * | any |
| qualcomm | sxr2250p_firmware | * | any |
| qualcomm | sxr2250p | * | any |
| qualcomm | sxr2230p_firmware | * | any |
| qualcomm | sxr2230p | * | any |
| qualcomm | sxr1230p_firmware | * | any |
| qualcomm | sxr1230p | * | any |
| qualcomm | ssg2125p_firmware | * | any |
| qualcomm | ssg2125p | * | any |
| qualcomm | ssg2115p_firmware | * | any |
| qualcomm | ssg2115p | * | any |
| qualcomm | snapdragon_ar2_gen_1_platform_firmware | * | any |
| qualcomm | snapdragon_ar2_gen_1_platform | * | any |
| qualcomm | snapdragon_8\+_gen_2_mobile_platform_firmware | * | any |
| qualcomm | snapdragon_8\+_gen_2_mobile_platform | * | any |
| qualcomm | snapdragon_8_gen_2_mobile_platform_firmware | * | any |
| qualcomm | snapdragon_8_gen_2_mobile_platform | * | any |
| qualcomm | sm8550p_firmware | * | any |
| qualcomm | sm8550p | * | any |
| qualcomm | sm7550_firmware | * | any |
| qualcomm | sm7550 | * | any |
| qualcomm | sm7525_firmware | * | any |
| qualcomm | sm7525 | * | any |
| qualcomm | sg8275p_firmware | * | any |
| qualcomm | sg8275p | * | any |
| qualcomm | sg8275_firmware | * | any |
| qualcomm | sg8275 | * | any |
| qualcomm | sd_8_gen1_5g_firmware | * | any |
| qualcomm | sd_8_gen1_5g | * | any |
| qualcomm | video_collaboration_vc5_platform_firmware | * | any |
| qualcomm | video_collaboration_vc5_platform | * | any |
| qualcomm | qcs8550_firmware | * | any |
| qualcomm | qcs8550 | * | any |
| qualcomm | qcs8250_firmware | * | any |
| qualcomm | qcs8250 | * | any |
| qualcomm | qcs7230_firmware | * | any |
| qualcomm | qcs7230 | * | any |
| qualcomm | qcm8550_firmware | * | any |
| qualcomm | qcm8550 | * | any |
| qualcomm | qca6391_firmware | * | any |
| qualcomm | qca6391 | * | any |
| qualcomm | fastconnect_7800_firmware | * | any |
| qualcomm | fastconnect_7800 | * | any |
| qualcomm | fastconnect_6900_firmware | * | any |
| qualcomm | fastconnect_6900 | * | any |
References 1
- docs.qualcomm.com https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html
Remediation
- docs.qualcomm.com https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html