CVE-2024-23374

Oct. 16, 2024, 8:26 p.m.

CVSS Score

6.7 / 10

Products Impacted

Vendor	Product	Versions
qualcomm	wsa8835_firmware wsa8835 wsa8830_firmware wsa8830 wcn3988_firmware wcn3988 wcn3980_firmware wcn3980 wcd9380_firmware wcd9380 sw5100p_firmware sw5100p sw5100_firmware sw5100 snapdragon_w5\+_gen_1_wearable_platform_firmware snapdragon_w5\+_gen_1_wearable_platform snapdragon_auto_5g_modem-rf_gen_2_firmware snapdragon_auto_5g_modem-rf_gen_2 snapdragon_8_gen_1_mobile_platform_firmware snapdragon_8_gen_1_mobile_platform sa8195p_firmware sa8195p sa8155p_firmware sa8155p sa8150p_firmware sa8150p sa8145p_firmware sa8145p sa6155p_firmware sa6155p sa6150p_firmware sa6150p sa6145p_firmware sa6145p qca9377_firmware qca9377 qca9367_firmware qca9367 qca6698aq_firmware qca6698aq qca6696_firmware qca6696 qca6584au_firmware qca6584au qca6574au_firmware qca6574au qca6174a_firmware qca6174a fastconnect_7800_firmware fastconnect_7800 fastconnect_6900_firmware fastconnect_6900	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Description

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.

Weaknesses

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE ID: 121

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CWE ID: 787

Date

Published: Oct. 7, 2024, 1:15 p.m.

Last Modified: Oct. 16, 2024, 8:26 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

CPEs

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	qualcomm	wsa8835_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8835	-	/	/	/	/	/	/	/
o	qualcomm	wsa8830_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8830	-	/	/	/	/	/	/	/
o	qualcomm	wcn3988_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcn3988	-	/	/	/	/	/	/	/
o	qualcomm	wcn3980_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcn3980	-	/	/	/	/	/	/	/
o	qualcomm	wcd9380_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9380	-	/	/	/	/	/	/	/
o	qualcomm	sw5100p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sw5100p	-	/	/	/	/	/	/	/
o	qualcomm	sw5100_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sw5100	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_w5\+_gen_1_wearable_platform_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_w5\+_gen_1_wearable_platform	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_auto_5g_modem-rf_gen_2_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_auto_5g_modem-rf_gen_2	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_8_gen_1_mobile_platform_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_8_gen_1_mobile_platform	-	/	/	/	/	/	/	/
o	qualcomm	sa8195p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8195p	-	/	/	/	/	/	/	/
o	qualcomm	sa8155p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8155p	-	/	/	/	/	/	/	/
o	qualcomm	sa8150p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8150p	-	/	/	/	/	/	/	/
o	qualcomm	sa8145p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8145p	-	/	/	/	/	/	/	/
o	qualcomm	sa6155p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa6155p	-	/	/	/	/	/	/	/
o	qualcomm	sa6150p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa6150p	-	/	/	/	/	/	/	/
o	qualcomm	sa6145p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa6145p	-	/	/	/	/	/	/	/
o	qualcomm	qca9377_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca9377	-	/	/	/	/	/	/	/
o	qualcomm	qca9367_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca9367	-	/	/	/	/	/	/	/
o	qualcomm	qca6698aq_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6698aq	-	/	/	/	/	/	/	/
o	qualcomm	qca6696_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6696	-	/	/	/	/	/	/	/
o	qualcomm	qca6584au_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6584au	-	/	/	/	/	/	/	/
o	qualcomm	qca6574au_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6574au	-	/	/	/	/	/	/	/
o	qualcomm	qca6174a_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6174a	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_7800_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_7800	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_6900_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_6900	-	/	/	/	/	/	/	/

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.7

Exploitability Score

0.8

Impact Score

5.9

Base Severity

MEDIUM

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

https://docs.qualcomm.com/ product-security@qualcomm.com

CVE-2024-23374

Tags

CVSS Score

Products Impacted

Description

Weaknesses

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

Date

Status : Analyzed

Source

CPEs

CVSS Data

Attack Vector

Attack Complexity

Privileges Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Exploitability Score

Impact Score

Base Severity

CVSS Vector String

References

Share