Qualcomm Snapdragon up to SXR1230P TEE access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Qualcomm Snapdragon. It has been classified as critical. Affected is an unknown function of the component TEE. Performing a manipulation results in access control. This vulnerability was named CVE-2024-21469. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is recommended.
Details
A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon. This affects an unknown code block of the component TEE. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability.
The advisory is shared at docs.qualcomm.com. This vulnerability is uniquely identified as CVE-2024-21469 since 12/12/2023. The exploitability is told to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
Upgrading eliminates this vulnerability.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
- 4 Gen 1 Mobile Platform
- 4 Gen 2 Mobile Platform
- 8 Gen 1 Mobile Platform
- 8 Gen 2 Mobile Platform
- 8 Gen 3 Mobile Platform
- 8+ Gen 1 Mobile Platform
- 8+ Gen 2 Mobile Platform
- 8c Compute Platform (SC8180X-AD) "Poipu Lite"
- 8c Compute Platform (SC8180XP-AD) "Poipu Lite"
- 8cx Compute Platform (SC8180X-AA
- 8cx Compute Platform (SC8180XP-AC
- 8cx Gen 2 5G Compute Platform (SC8180X-AC
- 8cx Gen 2 5G Compute Platform (SC8180XP-AA
- 8cx Gen 3 Compute Platform (SC8280XP-AB
- 460 Mobile Platform
- 480 5G Mobile Platform
- 480+ 5G Mobile Platform (SM4350-AC)
- 662 Mobile Platform
- 665 Mobile Platform
- 670 Mobile Platform
- 675 Mobile Platform
- 678 Mobile Platform (SM6150-AC)
- 680 4G Mobile Platform
- 685 4G Mobile Platform (SM6225-AD)
- 690 5G Mobile Platform
- 695 5G Mobile Platform
- 750G 5G Mobile Platform
- 765 5G Mobile Platform (SM7250-AA)
- 765G 5G Mobile Platform (SM7250-AB)
- 768G 5G Mobile Platform (SM7250-AC)
- 845 Mobile Platform
- 850 Mobile Compute Platform
- 855 Mobile Platform
- 855+
- 860 Mobile Platform (SM8150-AC)
- 865 5G Mobile Platform
- 865+ 5G Mobile Platform (SM8250-AB)
- 870 5G Mobile Platform (SM8250-AC)
- 888 5G Mobile Platform
- 888+ 5G Mobile Platform (SM8350-AC)
- 9205 LTE Modem
- AB)
- AF) "Poipu Pro"
- AQT1000
- AR2 Gen 1 Platform
- AR8031
- AR8035
- Auto 5G Modem-RF Gen 2
- BB)
- CSRA6620
- CSRA6640
- FastConnect 6200
- FastConnect 6700
- FastConnect 6800
- FastConnect 6900
- FastConnect 7800
- Flight RB5 5G Platform
- QAM8255P
- QAM8295P
- QAM8620P
- QAM8650P
- QAM8775P
- QAMSRV1H
- QAMSRV1M
- QCA4004
- QCA6174A
- QCA6310
- QCA6335
- QCA6391
- QCA6420
- QCA6421
- QCA6426
- QCA6430
- QCA6431
- QCA6436
- QCA6564A
- QCA6564AU
- QCA6574
- QCA6574A
- QCA6574AU
- QCA6584AU
- QCA6595
- QCA6595AU
- QCA6678AQ
- QCA6688AQ
- QCA6696
- QCA6698AQ
- QCA6797AQ
- QCA8081
- QCA8337
- QCA9377
- QCA9984
- QCC710
- QCM2290
- QCM4290
- QCM4490
- QCM5430
- QCM6490
- QCM8550
- QCN6024
- QCN6224
- QCN6274
- QCN7606
- QCN9011
- QCN9012
- QCN9024
- QCS2290
- QCS4290
- QCS4490
- QCS5430
- QCS6490
- QCS7230
- QCS8155
- QCS8250
- QCS8550
- QDU1000
- QDU1010
- QDU1110
- QDU1210
- QDX1010
- QDX1011
- QEP8111
- QFW7114
- QFW7124
- QRB5165M
- QRB5165N
- QRU1032
- QRU1052
- QRU1062
- QSM8250
- QSM8350
- Qualcomm Video Collaboration VC3 Platform
- Qualcomm Video Collaboration VC5 Platform
- Robotics RB3 Platform
- Robotics RB5 Platform
- SA4150P
- SA4155P
- SA6145P
- SA6150P
- SA6155
- SA6155P
- SA7255P
- SA7775P
- SA8145P
- SA8150P
- SA8155
- SA8155P
- SA8195P
- SA8255P
- SA8295P
- SA8540P
- SA8620P
- SA8650P
- SA8770P
- SA8775P
- SA9000P
- SC8380XP
- SD 8 Gen1 5G
- SD 8CX
- SD460
- SD662
- SD670
- SD 675
- SD675
- SD855
- SD865 5G
- SDX55
- SDX57M
- SG8275P
- SM4125
- SM6370
- SM7250P
- SM8550P
- Smart Audio 400 Platform
- SRV1H
- SRV1L
- SRV1M
- SSG2115P
- SSG2125P
- SXR
- SXR1230P
License
Website
- Vendor: https://www.qualcomm.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.2
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 7.3
CNA Vector (Qualcomm, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
12/12/2023 🔍07/01/2024 🔍
07/01/2024 🔍
07/01/2024 🔍
Sources
Vendor: qualcomm.comAdvisory: docs.qualcomm.com
Status: Confirmed
CVE: CVE-2024-21469 (🔍)
GCVE (CVE): GCVE-0-2024-21469
GCVE (VulDB): GCVE-100-270093
Entry
Created: 07/01/2024 17:26Changes: 07/01/2024 17:26 (63)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.