Vulnerabilities > CVE-2024-38425 - Incorrect Authorization vulnerability in Qualcomm products

CVSS 6.1 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

local

low complexity

qualcomm

CWE-863

NVD

Published: 2024-10-07

Updated: 2024-10-16

Summary

Information disclosure while sending implicit broadcast containing APP launch information.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Wsa8835 Firmware - Qualcomm Wsa8830 Firmware - Qualcomm Wcd9380 Firmware - Qualcomm Snapdragon 8+ GEN 2 Mobile Platform Firmware - Qualcomm Snapdragon 8+ GEN 1 Mobile Platform Firmware - Qualcomm Snapdragon 8 GEN 3 Mobile Platform Firmware - Qualcomm Snapdragon 8 GEN 2 Mobile Platform Firmware - Qualcomm Snapdragon 8 GEN 1 Mobile Platform Firmware - Qualcomm Snapdragon 7+ GEN 2 Mobile Platform Firmware - Qualcomm Snapdragon 7 GEN 1 Mobile Platform Firmware - Qualcomm Snapdragon 695 5G Mobile Platform Firmware - Qualcomm Snapdragon 685 4G Mobile Platform (Sm6225 Ad) Firmware - Qualcomm Snapdragon 680 4G Mobile Platform Firmware - Qualcomm Snapdragon 662 Mobile Platform Firmware - Qualcomm Snapdragon 6 GEN 1 Mobile Platform Firmware - Qualcomm Snapdragon 480+ 5G Mobile Platform (Sm4350 Ac) Firmware - Qualcomm Snapdragon 480 5G Mobile Platform Firmware - Qualcomm Snapdragon 4 GEN 2 Mobile Platform Firmware - Qualcomm Snapdragon 4 GEN 1 Mobile Platform Firmware - Qualcomm Sm8750 Firmware - Qualcomm Sm8635 Firmware - Qualcomm Sm7435 Firmware - Qualcomm Fastconnect 7800 Firmware - Qualcomm Fastconnect 6900 Firmware -	24
Hardware	Qualcomm Qualcomm Wsa8835 - Qualcomm Wsa8830 - Qualcomm Wcd9380 - Qualcomm Snapdragon 8+ GEN 2 Mobile Platform - Qualcomm Snapdragon 8+ GEN 1 Mobile Platform - Qualcomm Snapdragon 8 GEN 3 Mobile Platform - Qualcomm Snapdragon 8 GEN 2 Mobile Platform - Qualcomm Snapdragon 8 GEN 1 Mobile Platform - Qualcomm Snapdragon 7+ GEN 2 Mobile Platform - Qualcomm Snapdragon 7 GEN 1 Mobile Platform - Qualcomm Snapdragon 695 5G Mobile Platform - Qualcomm Snapdragon 685 4G Mobile Platform (Sm6225 Ad) - Qualcomm Snapdragon 680 4G Mobile Platform - Qualcomm Snapdragon 662 Mobile Platform - Qualcomm Snapdragon 6 GEN 1 Mobile Platform - Qualcomm Snapdragon 480+ 5G Mobile Platform (Sm4350 Ac) - Qualcomm Snapdragon 480 5G Mobile Platform - Qualcomm Snapdragon 4 GEN 2 Mobile Platform - Qualcomm Snapdragon 4 GEN 1 Mobile Platform - Qualcomm Sm8750 - Qualcomm Sm8635 - Qualcomm Sm7435 - Qualcomm Fastconnect 7800 - Qualcomm Fastconnect 6900 -	24

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html