Qualcomm Snapdragon Auto up to X75 5G Modem-RF System Modem assertion

Summaryinfo

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile, Snapdragon WBC and Snapdragon Wearables and classified as critical. This issue affects some unknown processing of the component Modem. Performing a manipulation results in assertion. This vulnerability is reported as CVE-2024-23385. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile, Snapdragon WBC and Snapdragon Wearables. It has been classified as critical. This affects an unknown part of the component Modem. The manipulation with an unknown input leads to a assertion vulnerability. CWE is classifying the issue as CWE-617. The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. This is going to have an impact on availability. The summary by CVE is:

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

The advisory is shared at docs.qualcomm.com. This vulnerability is uniquely identified as CVE-2024-23385 since 01/16/2024. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.

Upgrading eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Chip Software

Vendor

• Qualcomm

Name

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Industrial IOT
• Snapdragon MDM
• Snapdragon Mobile
• Snapdragon WBC
• Snapdragon Wearables

Version

• 4 Gen 1 Mobile Platform
• 8 Gen 1 Mobile Platform
• 8 Gen 2 Mobile Platform
• 8 Gen 3 Mobile Platform
• 8+ Gen 1 Mobile Platform
• 8+ Gen 2 Mobile Platform
• 208 Processor
• 210 Processor
• 212 Mobile Platform
• 425 Mobile Platform
• 429 Mobile Platform
• 430 Mobile Platform
• 439 Mobile Platform
• 480 5G Mobile Platform
• 480+ 5G Mobile Platform (SM4350-AC)
• 695 5G Mobile Platform
• APQ8017
• APQ8037
• AR8035
• Auto 5G Modem-RF Gen 2
• FastConnect 6200
• FastConnect 6700
• FastConnect 6900
• FastConnect 7800
• FSM10055
• FSM10056
• MSM8108
• MSM8209
• MSM8608
• QCA6174A
• QCA6574A
• QCA6574AU
• QCA6584AU
• QCA6595AU
• QCA6696
• QCA6698AQ
• QCA8081
• QCA8337
• QCC710
• QCM4490
• QCM8550
• QCN6024
• QCN6224
• QCN6274
• QCN9024
• QCS4490
• QCS8550
• QEP8111
• QFW7114
• QFW7124
• Qualcomm 205 Mobile Platform
• SDM429W
• SDX55
• SDX57M
• SDX61
• SDX71M
• SG8275P
• SM6370
• SM8550P
• SM8635
• Smart Audio 200 Platform
• WCD9326
• WCD9340
• WCD9360
• WCD9370
• WCD9375
• WCD9380
• WCD9385
• WCD9390
• WCD9395
• WCN3610
• WCN3615
• WCN3620
• WCN3660B
• WCN3680B
• WCN3950
• WCN3980
• WCN3988
• WCN6755
• Wear 4100+ Platform
• WSA8810
• WSA8815
• WSA8830
• WSA8832
• WSA8835
• WSA8840
• WSA8845
• WSA8845H
• X35 5G Modem-RF System
• X62 5G Modem-RF System
• X65 5G Modem-RF System
• X70 Modem-RF System
• X72 5G Modem-RF System
• X75 5G Modem-RF System

License

• commercial

Website

• Vendor: https://www.qualcomm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion