CVE-2024-23375

nvd nist

Published: Oct 7, 2024Modified: Oct 16, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: product-security@qualcomm.com (Secondary)

Description

Memory corruption during the network scan request.

Affected (14)

Products: Qualcomm: Wsa8835 Firmware, Wsa8830 Firmware, Wcn3988 Firmware, Wcn3980 Firmware, Wcn3680b Firmware, Wcn3660b Firmware, Sw5100p Firmware, Sw5100 Firmware, Snapdragon W5+ Gen 1 Wearable Platform Firmware, Sa8195p Firmware, Sa8155p Firmware, Sa6155p Firmware, Sa4155p Firmware, Sa4150p Firmware

14 products

Snapdragon W5+ Gen 1 Wearable Platform Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8835	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8830 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8830	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3988 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3988	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3980 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3980	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3680b Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3680b	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3660b Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3660b	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sw5100p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sw5100p	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sw5100 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sw5100	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon W5+ Gen 1 Wearable Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon W5+ Gen 1 Wearable Platform	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8195p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8195p	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8155p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8155p	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa6155p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa6155p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa4155p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa4155p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa4150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa4150p	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Source: product-security@qualcomm.com

Vendor Advisory

Timeline

No history available yet.