CVE-2024-23350

Published: Aug 5, 2024Modified: Nov 26, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: product-security@qualcomm.com (Secondary)

Description

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

Affected (25)

Products: Qualcomm: Wsa8845h Firmware, Wsa8845 Firmware, Wsa8840 Firmware, Wcd9395 Firmware, Wcd9390 Firmware, Wcd9340 Firmware, Snapdragon X75 5g Modem Rf System Firmware, Snapdragon X72 5g Modem Rf System Firmware, Snapdragon X35 5g Modem Rf System Firmware, Snapdragon Auto 5g Modem Rf Gen 2 Firmware, Snapdragon 8 Gen 3 Mobile Platform Firmware, Qfw7124 Firmware, Qfw7114 Firmware, Qep8111 Firmware, Qcn6274 Firmware, Qcn6224 Firmware, Qcc710 Firmware, Qca8337 Firmware, Qca8081 Firmware, Qca6698aq Firmware, Qca6584au Firmware, Qca6174a Firmware, Fastconnect 7800 Firmware, Fastconnect 6900 Firmware, Ar8035 Firmware

25 products

Snapdragon X75 5g Modem Rf System Firmware

Snapdragon X72 5g Modem Rf System Firmware

Snapdragon X35 5g Modem Rf System Firmware

Snapdragon Auto 5g Modem Rf Gen 2 Firmware

Snapdragon 8 Gen 3 Mobile Platform Firmware

Fastconnect 7800 Firmware

Fastconnect 6900 Firmware

Ar8035 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8845h Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8845h	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8845	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8840 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8840	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9395 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9395	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9390 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9390	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9340 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9340	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon X75 5g Modem Rf System Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon X75 5g Modem Rf System	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon X72 5g Modem Rf System Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon X72 5g Modem Rf System	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon X35 5g Modem Rf System Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon X35 5g Modem Rf System	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 8 Gen 3 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 8 Gen 3 Mobile Platform	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qfw7124 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qfw7124	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qfw7114 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qfw7114	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qep8111 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qep8111	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn6274 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn6274	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn6224 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn6224	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcc710 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcc710	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca8337 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca8337	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca8081 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca8081	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6698aq Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6698aq	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6584au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6584au	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6174a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6174a	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Fastconnect 7800 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Fastconnect 7800	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Fastconnect 6900 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Fastconnect 6900	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ar8035 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ar8035	All versions

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (1)

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

Source: product-security@qualcomm.com

Vendor Advisory

Timeline

No history available yet.