SecuriTricks - CVE-2024-38412

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.

Product(s) Impacted

Vendor	Product	Versions
Qualcomm	Fastconnect 7800 Firmware Fastconnect 7800 Snapdragon 8 Gen 3 Mobile Firmware Snapdragon 8 Gen 3 Mobile Wcd9390 Firmware Wcd9390 Wcd9395 Firmware Wcd9395 Wsa8840 Firmware Wsa8840 Wsa8845 Firmware Wsa8845 Wsa8845h Firmware Wsa8845h	- - - - - - - - - - - - - -

Common security weaknesses mapped to this vulnerability.

CWE-416

Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	qualcomm	fastconnect_7800_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_7800	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_8_gen_3_mobile_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_8_gen_3_mobile	-	/	/	/	/	/	/	/
o	qualcomm	wcd9390_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9390	-	/	/	/	/	/	/	/
o	qualcomm	wcd9395_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9395	-	/	/	/	/	/	/	/
o	qualcomm	wsa8840_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8840	-	/	/	/	/	/	/	/
o	qualcomm	wsa8845_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8845	-	/	/	/	/	/	/	/
o	qualcomm	wsa8845h_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8845h	-	/	/	/	/	/	/	/

6.6 / 10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

View Vector String

Published: Feb. 3, 2025, 5:15 p.m.
Last Modified: Feb. 5, 2025, 1:58 p.m.

CVE has been recently published to the CVE List and has been received by the NVD.

More info

product-security@qualcomm.com