CVE-2024-23370

EUVD-2024-20874
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
qualcommwsa8835_firmware
-
qualcommwsa8830_firmware
-
qualcommwcn3988_firmware
-
qualcommwcn3980_firmware
-
qualcommsw5100p_firmware
-
qualcommsw5100_firmware
-
qualcommsnapdragon_auto_5g_modem-rf_gen_2_firmware
-
qualcommqca9377_firmware
-
qualcommqca9367_firmware
-
qualcommqca6698aq_firmware
-
qualcommqca6584au_firmware
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
qualcommqca6584au_firmware
𝑥
≤ *
ADP
qualcommqca6698aq_firmware
𝑥
≤ *
ADP
qualcommqca9367_firmware
𝑥
≤ *
ADP
qualcommqca9377_firmware
𝑥
≤ *
ADP
qualcommsnapdragon_auto_5g_modem-rf_gen_2_firmware
𝑥
≤ *
ADP
qualcommsw5100_firmware
𝑥
≤ *
ADP
qualcommsw5100p_firmware
𝑥
≤ *
ADP
qualcommwcn3980_firmware
𝑥
≤ *
ADP
qualcommwcn3988_firmware
𝑥
≤ *
ADP
qualcommwsa8830_firmware
𝑥
≤ *
ADP
qualcommwsa8835_firmware
𝑥
≤ *
ADP
Common Weakness Enumeration
References
https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html