Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-23377

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

Published

2024-11-04T10:15:04.100

Last Modified

2024-11-07T19:59:06.997

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-823
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	wsa8845h_firmware	-	Yes
Hardware	qualcomm	wsa8845h	-	No
Operating System	qualcomm	wsa8845_firmware	-	Yes
Hardware	qualcomm	wsa8845	-	No
Operating System	qualcomm	wsa8840_firmware	-	Yes
Hardware	qualcomm	wsa8840	-	No
Operating System	qualcomm	wsa8835_firmware	-	Yes
Hardware	qualcomm	wsa8835	-	No
Operating System	qualcomm	wsa8832_firmware	-	Yes
Hardware	qualcomm	wsa8832	-	No
Operating System	qualcomm	wsa8830_firmware	-	Yes
Hardware	qualcomm	wsa8830	-	No
Operating System	qualcomm	wcn7880_firmware	-	Yes
Hardware	qualcomm	wcn7880	-	No
Operating System	qualcomm	wcn6755_firmware	-	Yes
Hardware	qualcomm	wcn6755	-	No
Operating System	qualcomm	wcn6650_firmware	-	Yes
Hardware	qualcomm	wcn6650	-	No
Operating System	qualcomm	wcd9395_firmware	-	Yes
Hardware	qualcomm	wcd9395	-	No
Operating System	qualcomm	wcd9390_firmware	-	Yes
Hardware	qualcomm	wcd9390	-	No
Operating System	qualcomm	wcd9385_firmware	-	Yes
Hardware	qualcomm	wcd9385	-	No
Operating System	qualcomm	wcd9380_firmware	-	Yes
Hardware	qualcomm	wcd9380	-	No
Operating System	qualcomm	wcd9378_firmware	-	Yes
Hardware	qualcomm	wcd9378	-	No
Operating System	qualcomm	wcd9375_firmware	-	Yes
Hardware	qualcomm	wcd9375	-	No
Operating System	qualcomm	wcd9371_firmware	-	Yes
Hardware	qualcomm	wcd9371	-	No
Operating System	qualcomm	wcd9370_firmware	-	Yes
Hardware	qualcomm	wcd9370	-	No
Operating System	qualcomm	sxr2250p_firmware	-	Yes
Hardware	qualcomm	sxr2250p	-	No
Operating System	qualcomm	sxr2230p_firmware	-	Yes
Hardware	qualcomm	sxr2230p	-	No
Operating System	qualcomm	sxr1230p_firmware	-	Yes
Hardware	qualcomm	sxr1230p	-	No
Operating System	qualcomm	ssg2125p_firmware	-	Yes
Hardware	qualcomm	ssg2125p	-	No
Operating System	qualcomm	ssg2115p_firmware	-	Yes
Hardware	qualcomm	ssg2115p	-	No
Operating System	qualcomm	snapdragon_ar2_gen_1_platform_firmware	-	Yes
Hardware	qualcomm	snapdragon_ar2_gen_1_platform	-	No
Operating System	qualcomm	snapdragon_8\+_gen_2_mobile_platform_firmware	-	Yes
Hardware	qualcomm	snapdragon_8\+_gen_2_mobile_platform	-	No
Operating System	qualcomm	snapdragon_8_gen_2_mobile_platform_firmware	-	Yes
Hardware	qualcomm	snapdragon_8_gen_2_mobile_platform	-	No
Operating System	qualcomm	sm8550p_firmware	-	Yes
Hardware	qualcomm	sm8550p	-	No
Operating System	qualcomm	sm7550_firmware	-	Yes
Hardware	qualcomm	sm7550	-	No
Operating System	qualcomm	sm7525_firmware	-	Yes
Hardware	qualcomm	sm7525	-	No
Operating System	qualcomm	sg8275p_firmware	-	Yes
Hardware	qualcomm	sg8275p	-	No
Operating System	qualcomm	sg8275_firmware	-	Yes
Hardware	qualcomm	sg8275	-	No
Operating System	qualcomm	sd_8_gen1_5g_firmware	-	Yes
Hardware	qualcomm	sd_8_gen1_5g	-	No
Operating System	qualcomm	video_collaboration_vc5_platform_firmware	-	Yes
Hardware	qualcomm	video_collaboration_vc5_platform	-	No
Operating System	qualcomm	qcs8550_firmware	-	Yes
Hardware	qualcomm	qcs8550	-	No
Operating System	qualcomm	qcs8250_firmware	-	Yes
Hardware	qualcomm	qcs8250	-	No
Operating System	qualcomm	qcs7230_firmware	-	Yes
Hardware	qualcomm	qcs7230	-	No
Operating System	qualcomm	qcm8550_firmware	-	Yes
Hardware	qualcomm	qcm8550	-	No
Operating System	qualcomm	qca6391_firmware	-	Yes
Hardware	qualcomm	qca6391	-	No
Operating System	qualcomm	fastconnect_7800_firmware	-	Yes
Hardware	qualcomm	fastconnect_7800	-	No
Operating System	qualcomm	fastconnect_6900_firmware	-	Yes
Hardware	qualcomm	fastconnect_6900	-	No

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html Patch, Vendor Advisory ([email protected])