CVE-2024-21452

nvd nist

Published: Apr 1, 2024Modified: Jan 13, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions.

Affected (6)

Products: Qualcomm: C V2x 9150 Firmware, Qca6584au Firmware, Qca6698aq Firmware, Snapdragon Auto 5g Modem Rf Firmware, Snapdragon Auto 5g Modem Rf Gen 2 Firmware, Snapdragon Auto 4g Modem Firmware

6 products

Snapdragon Auto 5g Modem Rf Firmware

Snapdragon Auto 5g Modem Rf Gen 2 Firmware

Snapdragon Auto 4g Modem Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm C V2x 9150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm C V2x 9150	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6584au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6584au	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6698aq Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6698aq	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Auto 5g Modem Rf Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Auto 5g Modem Rf	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Auto 4g Modem Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Auto 4g Modem	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

Source: product-security@qualcomm.com

Vendor Advisory

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.