Qualcomm Snapdragon Auto up to X75 5G Modem-RF System use after free

Summaryinfo

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. It has been rated as critical. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in use after free. This vulnerability is known as CVE-2024-38424. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. It has been classified as critical. This affects an unknown function. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on confidentiality, integrity, and availability.

It is possible to read the advisory at docs.qualcomm.com. This vulnerability is uniquely identified as CVE-2024-38424 since 06/16/2024. The exploitability is told to be easy. Attacking locally is a requirement. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 11/04/2024).

Upgrading eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Chip Software

Vendor

• Qualcomm

Name

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Connectivity
• Snapdragon Consumer IOT
• Snapdragon Industrial IOT
• Snapdragon Mobile
• Snapdragon Wearables

Version

• 4 Gen 1 Mobile Platform
• 4 Gen 2 Mobile Platform
• 8 Gen 1 Mobile Platform
• 8 Gen 2 Mobile Platform
• 8 Gen 3 Mobile Platform
• 8+ Gen 1 Mobile Platform
• 8+ Gen 2 Mobile Platform
• 429 Mobile Platform
• 460 Mobile Platform
• 480 5G Mobile Platform
• 480+ 5G Mobile Platform (SM4350-AC)
• 662 Mobile Platform
• 680 4G Mobile Platform
• 685 4G Mobile Platform (SM6225-AD)
• 695 5G Mobile Platform
• AR8035
• Auto 5G Modem-RF Gen 2
• FastConnect 6200
• FastConnect 6700
• FastConnect 6900
• FastConnect 7800
• QAM8255P
• QAM8620P
• QAM8650P
• QAM8775P
• QAMSRV1H
• QAMSRV1M
• QCA6174A
• QCA6574
• QCA6574A
• QCA6574AU
• QCA6584AU
• QCA6595
• QCA6595AU
• QCA6688AQ
• QCA6696
• QCA6698AQ
• QCA6797AQ
• QCA8081
• QCA8337
• QCC710
• QCM4325
• QCM4490
• QCM6125
• QCM8550
• QCN6224
• QCN6274
• QCS4490
• QCS6125
• QCS6490
• QCS8550
• QEP8111
• QFW7114
• QFW7124
• Qualcomm Video Collaboration VC1 Platform
• Qualcomm Video Collaboration VC3 Platform
• SA6155P
• SA7255P
• SA7775P
• SA8155P
• SA8195P
• SA8255P
• SA8620P
• SA8650P
• SA8770P
• SA8775P
• SA9000P
• SD 8 Gen1 5G
• SDM429W
• SG4150P
• SG8275P
• SM4635
• SM8550P
• SM8635
• SM8750
• SM8750P
• SRV1H
• SRV1L
• SRV1M
• SW5100
• SW5100P
• SXR2230P
• SXR2250P
• TalynPlus
• Vision Intelligence 400 Platform
• W5+ Gen 1 Wearable Platform
• WCD9335
• WCD9340
• WCD9341
• WCD9370
• WCD9375
• WCD9378
• WCD9380
• WCD9385
• WCD9390
• WCD9395
• WCN3620
• WCN3660B
• WCN3950
• WCN3980
• WCN3988
• WCN3990
• WCN6740
• WCN6755
• WCN7860
• WCN7861
• WCN7880
• WCN7881
• WSA8810
• WSA8815
• WSA8830
• WSA8832
• WSA8835
• WSA8840
• WSA8845
• WSA8845H
• X35 5G Modem-RF System
• X72 5G Modem-RF System
• X75 5G Modem-RF System

License

• commercial

Website

• Vendor: https://www.qualcomm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion