CVE-2024-38425

nvd nist

Published: Oct 7, 2024Modified: Oct 16, 2024

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Exploitability: 1.8 / Impact: 4.2

Source: product-security@qualcomm.com (Secondary)

Description

Information disclosure while sending implicit broadcast containing APP launch information.

Affected (24)

22 products

Snapdragon 8 Gen 2 Mobile Platform Firmware

Snapdragon 8 Gen 1 Mobile Platform Firmware

Snapdragon 8 Gen 3 Mobile Platform Firmware

Snapdragon 7+ Gen 2 Mobile Platform Firmware

Snapdragon 7 Gen 1 Mobile Platform Firmware

Snapdragon 695 5g Mobile Platform Firmware

Snapdragon 685 4g Mobile Platform (sm6225 Ad) Firmware

Snapdragon 680 4g Mobile Platform Firmware

Snapdragon 662 Mobile Platform Firmware

Snapdragon 6 Gen 1 Mobile Platform Firmware

Snapdragon 480+ 5g Mobile Platform (sm4350 Ac) Firmware

Snapdragon 480 5g Mobile Platform Firmware

Snapdragon 4 Gen 2 Mobile Platform Firmware

Snapdragon 4 Gen 1 Mobile Platform Firmware

Sm8750 Firmware

Sm8635 Firmware

Sm7435 Firmware

Fastconnect 7800 Firmware

Fastconnect 6900 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8835	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8830 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8830	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9380 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9380	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 8+ Gen 2 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 8+ Gen 2 Mobile Platform	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 8+ Gen 1 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 8+ Gen 1 Mobile Platform	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 8 Gen 3 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 8 Gen 3 Mobile Platform	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 8 Gen 2 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 8 Gen 2 Mobile Platform	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 8 Gen 1 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 8 Gen 1 Mobile Platform	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 7+ Gen 2 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 7+ Gen 2 Mobile Platform	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 7 Gen 1 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 7 Gen 1 Mobile Platform	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 695 5g Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 695 5g Mobile Platform	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 685 4g Mobile Platform (sm6225 Ad) Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 685 4g Mobile Platform (sm6225 Ad)	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 680 4g Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 680 4g Mobile Platform	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 662 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 662 Mobile Platform	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 6 Gen 1 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 6 Gen 1 Mobile Platform	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 480+ 5g Mobile Platform (sm4350 Ac) Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 480+ 5g Mobile Platform (sm4350 Ac)	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 480 5g Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 480 5g Mobile Platform	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 4 Gen 2 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 4 Gen 2 Mobile Platform	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon 4 Gen 1 Mobile Platform Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon 4 Gen 1 Mobile Platform	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8750 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8750	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8635 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8635	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7435 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7435	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Fastconnect 7800 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Fastconnect 7800	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Fastconnect 6900 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Fastconnect 6900	All versions

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Source: product-security@qualcomm.com

Vendor Advisory

Timeline

No history available yet.