CVE-2024-23377

MEDIUM EPSS 1.2%
Published Nov 4, 20241y ago · Modified Jun 17, 20262w ago
6.7 CVSS 3.1
Medium
Find Similar
Published Nov 4, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

CVSS Details

Base Score
6.7
Exploitability
0.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
1.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-823

Affected Products 78

VendorProductVersionRange
qualcommwsa8845h_firmware*any
qualcommwsa8845h*any
qualcommwsa8845_firmware*any
qualcommwsa8845*any
qualcommwsa8840_firmware*any
qualcommwsa8840*any
qualcommwsa8835_firmware*any
qualcommwsa8835*any
qualcommwsa8832_firmware*any
qualcommwsa8832*any
qualcommwsa8830_firmware*any
qualcommwsa8830*any
qualcommwcn7880_firmware*any
qualcommwcn7880*any
qualcommwcn6755_firmware*any
qualcommwcn6755*any
qualcommwcn6650_firmware*any
qualcommwcn6650*any
qualcommwcd9395_firmware*any
qualcommwcd9395*any
qualcommwcd9390_firmware*any
qualcommwcd9390*any
qualcommwcd9385_firmware*any
qualcommwcd9385*any
qualcommwcd9380_firmware*any
qualcommwcd9380*any
qualcommwcd9378_firmware*any
qualcommwcd9378*any
qualcommwcd9375_firmware*any
qualcommwcd9375*any
qualcommwcd9371_firmware*any
qualcommwcd9371*any
qualcommwcd9370_firmware*any
qualcommwcd9370*any
qualcommsxr2250p_firmware*any
qualcommsxr2250p*any
qualcommsxr2230p_firmware*any
qualcommsxr2230p*any
qualcommsxr1230p_firmware*any
qualcommsxr1230p*any
qualcommssg2125p_firmware*any
qualcommssg2125p*any
qualcommssg2115p_firmware*any
qualcommssg2115p*any
qualcommsnapdragon_ar2_gen_1_platform_firmware*any
qualcommsnapdragon_ar2_gen_1_platform*any
qualcommsnapdragon_8\+_gen_2_mobile_platform_firmware*any
qualcommsnapdragon_8\+_gen_2_mobile_platform*any
qualcommsnapdragon_8_gen_2_mobile_platform_firmware*any
qualcommsnapdragon_8_gen_2_mobile_platform*any
qualcommsm8550p_firmware*any
qualcommsm8550p*any
qualcommsm7550_firmware*any
qualcommsm7550*any
qualcommsm7525_firmware*any
qualcommsm7525*any
qualcommsg8275p_firmware*any
qualcommsg8275p*any
qualcommsg8275_firmware*any
qualcommsg8275*any
qualcommsd_8_gen1_5g_firmware*any
qualcommsd_8_gen1_5g*any
qualcommvideo_collaboration_vc5_platform_firmware*any
qualcommvideo_collaboration_vc5_platform*any
qualcommqcs8550_firmware*any
qualcommqcs8550*any
qualcommqcs8250_firmware*any
qualcommqcs8250*any
qualcommqcs7230_firmware*any
qualcommqcs7230*any
qualcommqcm8550_firmware*any
qualcommqcm8550*any
qualcommqca6391_firmware*any
qualcommqca6391*any
qualcommfastconnect_7800_firmware*any
qualcommfastconnect_7800*any
qualcommfastconnect_6900_firmware*any
qualcommfastconnect_6900*any

References 1

  • docs.qualcomm.com https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html
    PatchVendor Advisory

Remediation

  • docs.qualcomm.com https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html
    PatchVendor Advisory