CVE-2024-23378

MEDIUM EPSS 1.5%
Published Oct 7, 20241y ago ยท Modified Jun 17, 20262w ago
6.7 CVSS 3.1
Medium
Find Similar
Published Oct 7, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.

CVSS Details

Base Score
6.7
Exploitability
0.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
1.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-120

Affected Products 36

VendorProductVersionRange
qualcommsrv1m_firmware*any
qualcommsrv1m*any
qualcommsrv1h_firmware*any
qualcommsrv1h*any
qualcommsnapdragon_auto_5g_modem-rf_gen_2_firmware*any
qualcommsnapdragon_auto_5g_modem-rf_gen_2*any
qualcommsa9000p_firmware*any
qualcommsa9000p*any
qualcommsa8775p_firmware*any
qualcommsa8775p*any
qualcommsa8770p_firmware*any
qualcommsa8770p*any
qualcommsa8650p_firmware*any
qualcommsa8650p*any
qualcommsa8620p_firmware*any
qualcommsa8620p*any
qualcommsa8255p_firmware*any
qualcommsa8255p*any
qualcommsa7775p_firmware*any
qualcommsa7775p*any
qualcommsa7255p_firmware*any
qualcommsa7255p*any
qualcommqca6698aq_firmware*any
qualcommqca6698aq*any
qualcommqca6584au_firmware*any
qualcommqca6584au*any
qualcommqamsrv1m_firmware*any
qualcommqamsrv1m*any
qualcommqamsrv1h_firmware*any
qualcommqamsrv1h*any
qualcommqam8775p_firmware*any
qualcommqam8775p*any
qualcommqam8650p_firmware*any
qualcommqam8650p*any
qualcommqam8255p_firmware*any
qualcommqam8255p*any

References 1

  • docs.qualcomm.com https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.