CVE-2024-38414

Feb. 5, 2025, 1:58 p.m.

6.1
Medium

Description

Information disclosure while processing information on firmware image during core initialization.

Product(s) Impacted

Vendor Product Versions
Qualcomm
  • Fastconnect 6900 Firmware
  • Fastconnect 6900
  • Fastconnect 7800 Firmware
  • Fastconnect 7800
  • Qam8295p Firmware
  • Qam8295p
  • Qca6174a Firmware
  • Qca6174a
  • Qca6574au Firmware
  • Qca6574au
  • Qca6696 Firmware
  • Qca6696
  • Sa6145p Firmware
  • Sa6145p
  • Sa6150p Firmware
  • Sa6150p
  • Sa6155p Firmware
  • Sa6155p
  • Sa8145p Firmware
  • Sa8145p
  • Sa8150p Firmware
  • Sa8150p
  • Sa8155p Firmware
  • Sa8155p
  • Sa8195p Firmware
  • Sa8195p
  • Sa8295p Firmware
  • Sa8295p
  • Sa8530p Firmware
  • Sa8530p
  • Sa8540p Firmware
  • Sa8540p
  • Sa9000p Firmware
  • Sa9000p
  • Snapdragon 8 Gen 1 Mobile Firmware
  • Snapdragon 8 Gen 1 Mobile
  • Snapdragon 888 5g Mobile Firmware
  • Snapdragon 888 5g Mobile
  • Snapdragon 888\+ 5g Mobile Firmware
  • Snapdragon 888\+ 5g Mobile
  • Snapdragon W5\+ Gen 1 Wearable Firmware
  • Snapdragon W5\+ Gen 1 Wearable
  • Sw5100 Firmware
  • Sw5100
  • Sw5100p Firmware
  • Sw5100p
  • Wcd9380 Firmware
  • Wcd9380
  • Wcd9385 Firmware
  • Wcd9385
  • Wcn3980 Firmware
  • Wcn3980
  • Wcn3988 Firmware
  • Wcn3988
  • Wsa8830 Firmware
  • Wsa8830
  • Wsa8835 Firmware
  • Wsa8835
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-126
Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qualcomm fastconnect_6900_firmware - / / / / / / /
h qualcomm fastconnect_6900 - / / / / / / /
o qualcomm fastconnect_7800_firmware - / / / / / / /
h qualcomm fastconnect_7800 - / / / / / / /
o qualcomm qam8295p_firmware - / / / / / / /
h qualcomm qam8295p - / / / / / / /
o qualcomm qca6174a_firmware - / / / / / / /
h qualcomm qca6174a - / / / / / / /
o qualcomm qca6574au_firmware - / / / / / / /
h qualcomm qca6574au - / / / / / / /
o qualcomm qca6696_firmware - / / / / / / /
h qualcomm qca6696 - / / / / / / /
o qualcomm sa6145p_firmware - / / / / / / /
h qualcomm sa6145p - / / / / / / /
o qualcomm sa6150p_firmware - / / / / / / /
h qualcomm sa6150p - / / / / / / /
o qualcomm sa6155p_firmware - / / / / / / /
h qualcomm sa6155p - / / / / / / /
o qualcomm sa8145p_firmware - / / / / / / /
h qualcomm sa8145p - / / / / / / /
o qualcomm sa8150p_firmware - / / / / / / /
h qualcomm sa8150p - / / / / / / /
o qualcomm sa8155p_firmware - / / / / / / /
h qualcomm sa8155p - / / / / / / /
o qualcomm sa8195p_firmware - / / / / / / /
h qualcomm sa8195p - / / / / / / /
o qualcomm sa8295p_firmware - / / / / / / /
h qualcomm sa8295p - / / / / / / /
o qualcomm sa8530p_firmware - / / / / / / /
h qualcomm sa8530p - / / / / / / /
o qualcomm sa8540p_firmware - / / / / / / /
h qualcomm sa8540p - / / / / / / /
o qualcomm sa9000p_firmware - / / / / / / /
h qualcomm sa9000p - / / / / / / /
o qualcomm snapdragon_8_gen_1_mobile_firmware - / / / / / / /
h qualcomm snapdragon_8_gen_1_mobile - / / / / / / /
o qualcomm snapdragon_888_5g_mobile_firmware - / / / / / / /
h qualcomm snapdragon_888_5g_mobile - / / / / / / /
o qualcomm snapdragon_888\+_5g_mobile_firmware - / / / / / / /
h qualcomm snapdragon_888\+_5g_mobile - / / / / / / /
o qualcomm snapdragon_w5\+_gen_1_wearable_firmware - / / / / / / /
h qualcomm snapdragon_w5\+_gen_1_wearable - / / / / / / /
o qualcomm sw5100_firmware - / / / / / / /
h qualcomm sw5100 - / / / / / / /
o qualcomm sw5100p_firmware - / / / / / / /
h qualcomm sw5100p - / / / / / / /
o qualcomm wcd9380_firmware - / / / / / / /
h qualcomm wcd9380 - / / / / / / /
o qualcomm wcd9385_firmware - / / / / / / /
h qualcomm wcd9385 - / / / / / / /
o qualcomm wcn3980_firmware - / / / / / / /
h qualcomm wcn3980 - / / / / / / /
o qualcomm wcn3988_firmware - / / / / / / /
h qualcomm wcn3988 - / / / / / / /
o qualcomm wsa8830_firmware - / / / / / / /
h qualcomm wsa8830 - / / / / / / /
o qualcomm wsa8835_firmware - / / / / / / /
h qualcomm wsa8835 - / / / / / / /

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Tags

CWE-125
product-security@qualcomm.com
CWE-126
2025-02-03
CVE-2024-38414

CVSS Score

6.1 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: LOW

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

    View Vector String

Timeline

Published: Feb. 3, 2025, 5:15 p.m.
Last Modified: Feb. 5, 2025, 1:58 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.