CVE-2024-38399

Oct. 16, 2024, 6:17 p.m.

CVSS Score

7.8 / 10

Products Impacted

Vendor	Product	Versions
qualcomm	wsa8835_firmware wsa8835 wsa8830_firmware wsa8830 wsa8810_firmware wsa8810 wcn3950_firmware wcn3950 wcd9380_firmware wcd9380 wcd9375_firmware wcd9375 wcd9370_firmware wcd9370 srv1m_firmware srv1m srv1h_firmware srv1h snapdragon_8_gen_1_mobile_platform_firmware snapdragon_8_gen_1_mobile_platform snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware snapdragon_685_4g_mobile_platform_\(sm6225-ad\) snapdragon_680_4g_mobile_platform_firmware snapdragon_680_4g_mobile_platform sg4150p_firmware sg4150p sa9000p_firmware sa9000p sa8775p_firmware sa8775p sa8770p_firmware sa8770p sa8650p_firmware sa8650p sa8620p_firmware sa8620p sa8295p_firmware sa8295p sa8255p_firmware sa8255p sa8195p_firmware sa8195p sa8155p_firmware sa8155p sa7775p_firmware sa7775p sa7255p_firmware sa7255p sa6155p_firmware sa6155p qca6797aq_firmware qca6797aq qca6698aq_firmware qca6698aq qca6696_firmware qca6696 qca6688aq_firmware qca6688aq qca6595au_firmware qca6595au qca6595_firmware qca6595 qca6574au_firmware qca6574au qamsrv1m_firmware qamsrv1m qamsrv1h_firmware qamsrv1h qam8775p_firmware qam8775p qam8650p_firmware qam8650p qam8295p_firmware qam8295p qam8255p_firmware qam8255p fastconnect_7800_firmware fastconnect_7800 fastconnect_6900_firmware fastconnect_6900	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Description

Memory corruption while processing user packets to generate page faults.

Weaknesses

CWE-416

Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CWE ID: 416

Date

Published: Oct. 7, 2024, 1:15 p.m.

Last Modified: Oct. 16, 2024, 6:17 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

CPEs

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	qualcomm	wsa8835_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8835	-	/	/	/	/	/	/	/
o	qualcomm	wsa8830_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8830	-	/	/	/	/	/	/	/
o	qualcomm	wsa8810_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8810	-	/	/	/	/	/	/	/
o	qualcomm	wcn3950_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcn3950	-	/	/	/	/	/	/	/
o	qualcomm	wcd9380_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9380	-	/	/	/	/	/	/	/
o	qualcomm	wcd9375_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9375	-	/	/	/	/	/	/	/
o	qualcomm	wcd9370_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9370	-	/	/	/	/	/	/	/
o	qualcomm	srv1m_firmware	-	/	/	/	/	/	/	/
h	qualcomm	srv1m	-	/	/	/	/	/	/	/
o	qualcomm	srv1h_firmware	-	/	/	/	/	/	/	/
h	qualcomm	srv1h	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_8_gen_1_mobile_platform_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_8_gen_1_mobile_platform	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_685_4g_mobile_platform_\(sm6225-ad\)	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_680_4g_mobile_platform_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_680_4g_mobile_platform	-	/	/	/	/	/	/	/
o	qualcomm	sg4150p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sg4150p	-	/	/	/	/	/	/	/
o	qualcomm	sa9000p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa9000p	-	/	/	/	/	/	/	/
o	qualcomm	sa8775p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8775p	-	/	/	/	/	/	/	/
o	qualcomm	sa8770p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8770p	-	/	/	/	/	/	/	/
o	qualcomm	sa8650p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8650p	-	/	/	/	/	/	/	/
o	qualcomm	sa8620p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8620p	-	/	/	/	/	/	/	/
o	qualcomm	sa8295p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8295p	-	/	/	/	/	/	/	/
o	qualcomm	sa8255p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8255p	-	/	/	/	/	/	/	/
o	qualcomm	sa8195p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8195p	-	/	/	/	/	/	/	/
o	qualcomm	sa8155p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa8155p	-	/	/	/	/	/	/	/
o	qualcomm	sa7775p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa7775p	-	/	/	/	/	/	/	/
o	qualcomm	sa7255p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa7255p	-	/	/	/	/	/	/	/
o	qualcomm	sa6155p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sa6155p	-	/	/	/	/	/	/	/
o	qualcomm	qca6797aq_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6797aq	-	/	/	/	/	/	/	/
o	qualcomm	qca6698aq_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6698aq	-	/	/	/	/	/	/	/
o	qualcomm	qca6696_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6696	-	/	/	/	/	/	/	/
o	qualcomm	qca6688aq_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6688aq	-	/	/	/	/	/	/	/
o	qualcomm	qca6595au_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6595au	-	/	/	/	/	/	/	/
o	qualcomm	qca6595_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6595	-	/	/	/	/	/	/	/
o	qualcomm	qca6574au_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6574au	-	/	/	/	/	/	/	/
o	qualcomm	qamsrv1m_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qamsrv1m	-	/	/	/	/	/	/	/
o	qualcomm	qamsrv1h_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qamsrv1h	-	/	/	/	/	/	/	/
o	qualcomm	qam8775p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qam8775p	-	/	/	/	/	/	/	/
o	qualcomm	qam8650p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qam8650p	-	/	/	/	/	/	/	/
o	qualcomm	qam8295p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qam8295p	-	/	/	/	/	/	/	/
o	qualcomm	qam8255p_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qam8255p	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_7800_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_7800	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_6900_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_6900	-	/	/	/	/	/	/	/

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Exploitability Score

1.8

Impact Score

5.9

Base Severity

HIGH

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

product-security@qualcomm.com

CVE-2024-38399

Tags

CVSS Score

Products Impacted

Description

Weaknesses

CWE-416

Use After Free

Date

Status : Analyzed

Source

CPEs

CVSS Data

Attack Vector

Attack Complexity

Privileges Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Exploitability Score

Impact Score

Base Severity

CVSS Vector String

References

Share