CVE-2024-21455

nvd nist

Published: Oct 7, 2024Modified: Aug 11, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: product-security@qualcomm.com (Secondary)

Description

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

Affected (20)

Products: Qualcomm: Video Collaboration Vc1 Platform Firmware, Wsa8815 Firmware, Wsa8810 Firmware, Wcn3980 Firmware, Wcn3950 Firmware, Wcd9375 Firmware, Wcd9370 Firmware, Snapdragon Auto 5g Modem Rf Gen 2 Firmware, Snapdragon 685 4g Mobile Platform (sm6225 Ad) Firmware, Snapdragon 680 4g Mobile Platform Firmware, Sg4150p Firmware, Sa8295p Firmware, Qcs6125 Firmware, Qcm6125 Firmware, Qca6698aq Firmware, Qca6696 Firmware, Qca6688aq Firmware, Qca6595 Firmware, Qca6584au Firmware, Qam8295p Firmware

Qualcomm

20 products

Video Collaboration Vc1 Platform Firmware

Snapdragon Auto 5g Modem Rf Gen 2 Firmware

Snapdragon 685 4g Mobile Platform (sm6225 Ad) Firmware

Snapdragon 680 4g Mobile Platform Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Video Collaboration Vc1 Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Video Collaboration Vc1 Platform	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8815 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8815	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8810	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3980 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3980	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3950 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3950	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9375 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9375	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9370 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9370	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 685 4g Mobile Platform (sm6225 Ad) Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 685 4g Mobile Platform (sm6225 Ad)	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 680 4g Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 680 4g Mobile Platform	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sg4150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sg4150p	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8295p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8295p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs6125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs6125	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcm6125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcm6125	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6698aq Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6698aq	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6696 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6696	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6688aq Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6688aq	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6595 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6595	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6584au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6584au	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qam8295p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qam8295p	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-822

Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

References (1)

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Source: product-security@qualcomm.com

Vendor Advisory

Timeline

No history available yet.