CVE-2024-38412

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38412
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_8_gen_3_mobile:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
History

05 Feb 2025, 13:58

Type Values Removed Values Added
References () https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html - () https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html - Patch, Vendor Advisory
Summary
  • (es) Corrupción de memoria al invocar llamadas IOCTL desde el espacio del usuario al espacio del kernel para gestionar errores de sesión.
First Time Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm fastconnect 7800
Qualcomm wsa8845h Firmware
Qualcomm wcd9395 Firmware
Qualcomm wcd9395
Qualcomm wsa8845h
Qualcomm
Qualcomm snapdragon 8 Gen 3 Mobile Firmware
Qualcomm snapdragon 8 Gen 3 Mobile
Qualcomm wcd9390
Qualcomm fastconnect 7800 Firmware
Qualcomm wcd9390 Firmware
Qualcomm wsa8845 Firmware
Qualcomm wsa8845
CPE cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_8_gen_3_mobile:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

03 Feb 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-03 17:15

Updated : 2025-02-05 13:58

NVD link : CVE-2024-38412

Mitre link : CVE-2024-38412

CVE.ORG link : CVE-2024-38412

JSON object : View

Products Affected

qualcomm

  • snapdragon_8_gen_3_mobile_firmware
  • wsa8840
  • wcd9395
  • wcd9390_firmware
  • wsa8845_firmware
  • wcd9395_firmware
  • snapdragon_8_gen_3_mobile
  • wsa8845h
  • wsa8845h_firmware
  • wsa8840_firmware
  • wsa8845
  • fastconnect_7800_firmware
  • fastconnect_7800
  • wcd9390
CWE
CWE-416

Use After Free