SecuriTricks - CVE-2024-23379

Description

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.

Product(s) Impacted

Vendor	Product	Versions
Qualcomm	Wsa8835 Firmware Wsa8835 Wsa8830 Firmware Wsa8830 Wsa8815 Firmware Wsa8815 Wsa8810 Firmware Wsa8810 Wcn3990 Firmware Wcn3990 Wcd9380 Firmware Wcd9380 Wcd9341 Firmware Wcd9341 Wcd9340 Firmware Wcd9340 Wcd9335 Firmware Wcd9335 Srv1m Firmware Srv1m Srv1h Firmware Srv1h Snapdragon Auto 5g Modem-rf Gen 2 Firmware Snapdragon Auto 5g Modem-rf Gen 2 Snapdragon 835 Mobile Pc Platform Firmware Snapdragon 835 Mobile Pc Platform Snapdragon 8 Gen 1 Mobile Platform Firmware Snapdragon 8 Gen 1 Mobile Platform Sd835 Firmware Sd835 Sa9000p Firmware Sa9000p Sa8775p Firmware Sa8775p Sa8770p Firmware Sa8770p Sa8650p Firmware Sa8650p Sa8620p Firmware Sa8620p Sa8255p Firmware Sa8255p Sa7775p Firmware Sa7775p Sa7255p Firmware Sa7255p Qca6698aq Firmware Qca6698aq Qca6584au Firmware Qca6584au Qca6320 Firmware Qca6320 Qca6310 Firmware Qca6310 Qamsrv1m Firmware Qamsrv1m Qamsrv1h Firmware Qamsrv1h Qam8775p Firmware Qam8775p Qam8650p Firmware Qam8650p Qam8255p Firmware Qam8255p Fastconnect 7800 Firmware Fastconnect 7800 Fastconnect 6900 Firmware Fastconnect 6900	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	qualcomm	wsa8835_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8835	-	/	/	/	/	/	/	/
o	qualcomm	wsa8830_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8830	-	/	/	/	/	/	/	/
o	qualcomm	wsa8815_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8815	-	/	/	/	/	/	/	/
o	qualcomm	wsa8810_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8810	-	/	/	/	/	/	/	/
o	qualcomm	wcn3990_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcn3990	-	/	/	/	/	/	/	/
o	qualcomm	wcd9380_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9380	-	/	/	/	/	/	/	/
o	qualcomm	wcd9341_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9341	-	/	/	/	/	/	/	/
o	qualcomm	wcd9340_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9340	-	/	/	/	/	/	/	/
o	qualcomm	wcd9335_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9335	-	/	/	/	/	/	/	/
o	qualcomm	srv1m_firmware	-	/	/	/	/	/	/	/
h	qualcomm	srv1m	-	/	/	/	/	/	/	/
o	qualcomm	srv1h_firmware	-	/	/	/	/	/	/	/
h	qualcomm	srv1h	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_auto_5g_modem-rf_gen_2_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_auto_5g_modem-rf_gen_2	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_835_mobile_pc_platform_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_835_mobile_pc_platform	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_8_gen_1_mobile_platform_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_8_gen_1_mobile_platform	-	/	/	/	/	/	/	/
o	qualcomm	sd835_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sd835	-	/	/	/	/	/	/	/
o	qualcomm	sa9000p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa9000p	-	/	/	/	/	/	/	/
o	qualcomm	sa8775p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8775p	-	/	/	/	/	/	/	/
o	qualcomm	sa8770p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8770p	-	/	/	/	/	/	/	/
o	qualcomm	sa8650p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8650p	-	/	/	/	/	/	/	/
o	qualcomm	sa8620p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8620p	-	/	/	/	/	/	/	/
o	qualcomm	sa8255p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8255p	-	/	/	/	/	/	/	/
o	qualcomm	sa7775p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa7775p	-	/	/	/	/	/	/	/
o	qualcomm	sa7255p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa7255p	-	/	/	/	/	/	/	/
o	qualcomm	qca6698aq_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6698aq	-	/	/	/	/	/	/	/
o	qualcomm	qca6584au_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6584au	-	/	/	/	/	/	/	/
o	qualcomm	qca6320_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6320	-	/	/	/	/	/	/	/
o	qualcomm	qca6310_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6310	-	/	/	/	/	/	/	/
o	qualcomm	qamsrv1m_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qamsrv1m	-	/	/	/	/	/	/	/
o	qualcomm	qamsrv1h_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qamsrv1h	-	/	/	/	/	/	/	/
o	qualcomm	qam8775p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qam8775p	-	/	/	/	/	/	/	/
o	qualcomm	qam8650p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qam8650p	-	/	/	/	/	/	/	/
o	qualcomm	qam8255p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qam8255p	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_7800_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_7800	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_6900_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_6900	-	/	/	/	/	/	/	/

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

CVSS Score

6.7 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Oct. 7, 2024, 1:15 p.m.
Last Modified: Oct. 16, 2024, 7:58 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

CVE-2024-23379