Qualcomm Snapdragon Auto up to WSA8845H Hypervisor buffer over-read

Summaryinfo

A vulnerability classified as problematic has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile, Snapdragon Technology, Snapdragon WBC and Snapdragon Wearables. This affects an unknown part of the component Hypervisor. The manipulation leads to buffer over-read. This vulnerability is uniquely identified as CVE-2024-43056. Local access is required to approach this attack. No exploit exists. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile, Snapdragon Technology, Snapdragon WBC and Snapdragon Wearables and classified as problematic. This issue affects some unknown processing of the component Hypervisor. The manipulation with an unknown input leads to a buffer over-read vulnerability. Using CWE to declare the problem leads to CWE-126. The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. Impacted is availability. The summary by CVE is:

Transient DOS during hypervisor virtual I/O operation in a virtual machine.

The advisory is shared at docs.qualcomm.com. The identification of this vulnerability is CVE-2024-43056 since 08/05/2024. The exploitation is known to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available.

Upgrading eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Chip Software

Vendor

• Qualcomm

Name

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Consumer IOT
• Snapdragon Industrial IOT
• Snapdragon MDM
• Snapdragon Mobile
• Snapdragon Technology
• Snapdragon WBC
• Snapdragon Wearables

Version

• AQT1000
• AR8035
• FastConnect 6200
• FastConnect 6700
• FastConnect 6800
• FastConnect 6900
• FastConnect 7800
• QAM8255P
• QAM8295P
• QAM8620P
• QAM8650P
• QAM8775P
• QAMSRV1H
• QAMSRV1M
• QCA6174A
• QCA6310
• QCA6335
• QCA6391
• QCA6420
• QCA6421
• QCA6426
• QCA6430
• QCA6431
• QCA6436
• QCA6564A
• QCA6564AU
• QCA6574
• QCA6574A
• QCA6574AU
• QCA6584AU
• QCA6595
• QCA6595AU
• QCA6678AQ
• QCA6696
• QCA6698AQ
• QCA6797AQ
• QCA8081
• QCA8337
• QCA9377
• QCC710
• QCM4490
• QCM5430
• QCM6490
• QCM8550
• QCN6224
• QCN6274
• QCN9274
• QCS4490
• QCS5430
• QCS6490
• QCS8550
• QCS9100
• QDU1000
• QDU1010
• QDU1110
• QDU1210
• QDX1010
• QDX1011
• QEP8111
• QFW7114
• QFW7124
• QRU1032
• QRU1052
• QRU1062
• QSM8350
• SA6145P
• SA6155
• SA6155P
• SA7255P
• SA7775P
• SA8150P
• SA8155
• SA8155P
• SA8255P
• SA8295P
• SA8540P
• SA8620P
• SA8650P
• SA8770P
• SA8775P
• SA9000P
• SC8380XP
• SD 8CX
• SD670
• SD 675
• SD675
• SD855
• SD865 5G
• SDM429W
• SDX55
• SDX57M
• SDX80M
• SG8275P
• SM4635
• SM6650
• SM7250P
• SM7635
• SM7675
• SM7675P
• SM8550P
• SM8635
• SM8635P
• SM8650Q
• SRV1H
• SRV1L
• SRV1M
• SSG2115P
• SSG2125P
• SXR1230P
• SXR2130
• SXR2230P
• SXR2250P
• SXR2330P
• TalynPlus
• WCD9326
• WCD9340
• WCD9341
• WCD9370
• WCD9375
• WCD9378
• WCD9380
• WCD9385
• WCD9390
• WCD9395
• WCN3620
• WCN3660B
• WCN3680B
• WCN3950
• WCN3980
• WCN3988
• WCN3990
• WCN6450
• WCN6650
• WCN6755
• WCN7861
• WCN7881
• WSA8810
• WSA8815
• WSA8830
• WSA8832
• WSA8835
• WSA8840
• WSA8845
• WSA8845H

License

• commercial

Website

• Vendor: https://www.qualcomm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion