Vulnerabilities > CVE-2024-23370 - Use After Free vulnerability in Qualcomm products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

qualcomm

CWE-416

NVD

Published: 2024-10-07

Updated: 2024-10-16

Summary

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Wsa8835 Firmware - Qualcomm Wsa8830 Firmware - Qualcomm Wcn3988 Firmware - Qualcomm Wcn3980 Firmware - Qualcomm Sw5100P Firmware - Qualcomm Sw5100 Firmware - Qualcomm Snapdragon Auto 5G Modem RF GEN 2 Firmware - Qualcomm Qca9377 Firmware - Qualcomm Qca9367 Firmware - Qualcomm Qca6698Aq Firmware - Qualcomm Qca6584Au Firmware -	11
Hardware	Qualcomm Qualcomm Wsa8835 - Qualcomm Wsa8830 - Qualcomm Wcn3988 - Qualcomm Wcn3980 - Qualcomm Sw5100P - Qualcomm Sw5100 - Qualcomm Snapdragon Auto 5G Modem RF GEN 2 - Qualcomm Qca9377 - Qualcomm Qca9367 - Qualcomm Qca6698Aq - Qualcomm Qca6584Au -	11

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html