CVE-2024-21455

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21455
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:qualcomm_video_collaboration_vc1_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qualcomm_video_collaboration_vc1_platform:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf_gen_2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_685_4g_mobile_platform_\(sm6225-ad\):-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_680_4g_mobile_platform:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sg4150p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sg4150p:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:qualcomm:qca6688aq_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6688aq:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-10-07 13:15

Updated : 2024-10-16 20:30

NVD link : CVE-2024-21455

Mitre link : CVE-2024-21455

CVE.ORG link : CVE-2024-21455

JSON object : View

Products Affected

qualcomm

  • qualcomm_video_collaboration_vc1_platform_firmware
  • wcd9370_firmware
  • qca6688aq
  • wcn3980
  • qca6698aq
  • qca6595_firmware
  • wcd9375_firmware
  • snapdragon_685_4g_mobile_platform_\(sm6225-ad\)
  • snapdragon_680_4g_mobile_platform_firmware
  • qualcomm_video_collaboration_vc1_platform
  • qca6595
  • snapdragon_auto_5g_modem-rf_gen_2_firmware
  • sg4150p
  • qcm6125
  • qca6696
  • qam8295p_firmware
  • wsa8810
  • sa8295p
  • qca6584au
  • wcd9370
  • wcn3950_firmware
  • wsa8815_firmware
  • snapdragon_680_4g_mobile_platform
  • sg4150p_firmware
  • wcd9375
  • qca6688aq_firmware
  • wsa8810_firmware
  • qcm6125_firmware
  • qcs6125_firmware
  • wsa8815
  • wcn3980_firmware
  • snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware
  • qcs6125
  • snapdragon_auto_5g_modem-rf_gen_2
  • qca6698aq_firmware
  • qca6584au_firmware
  • qca6696_firmware
  • sa8295p_firmware
  • wcn3950
  • qam8295p
CWE
CWE-822

Untrusted Pointer Dereference

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer