CVE-2024-21460

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcm8550:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sg8275p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*

History

02 Jul 2024, 17:56

Type	Values Removed	Values Added
First Time		Qualcomm Qualcomm sm8550p Firmware Qualcomm wcd9380 Firmware Qualcomm wsa8845 Qualcomm sg8275p Qualcomm fastconnect 7800 Firmware Qualcomm wsa8845 Firmware Qualcomm wsa8840 Firmware Qualcomm sg8275p Firmware Qualcomm snapdragon 8\+ Gen 2 Mobile Platform Qualcomm qcm8550 Firmware Qualcomm wcd9395 Qualcomm wcd9390 Qualcomm snapdragon 8 Gen 2 Mobile Platform Qualcomm wsa8840 Qualcomm wcd9380 Qualcomm qcm8550 Qualcomm snapdragon 8\+ Gen 2 Mobile Platform Firmware Qualcomm sm8550p Qualcomm wsa8845h Firmware Qualcomm qcs8550 Qualcomm wcd9385 Firmware Qualcomm wcd9385 Qualcomm wcd9390 Firmware Qualcomm snapdragon 8 Gen 2 Mobile Platform Firmware Qualcomm qcs8550 Firmware Qualcomm fastconnect 7800 Qualcomm fastconnect 6900 Qualcomm wsa8845h Qualcomm fastconnect 6900 Firmware Qualcomm wcd9395 Firmware
CPE		cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:::::::* cpe:2.3:o:qualcomm:wsa8845_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8845:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:::::::* cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:::::::* cpe:2.3:h:qualcomm:fastconnect_7800:-:::::::* cpe:2.3:h:qualcomm:wsa8840:-:::::::* cpe:2.3:o:qualcomm:wcd9395_firmware:-:::::::* cpe:2.3:h:qualcomm:sg8275p:-:::::::* cpe:2.3:o:qualcomm:wsa8840_firmware:-:::::::* cpe:2.3:o:qualcomm:qcs8550_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9395:-:::::::* cpe:2.3:o:qualcomm:sm8550p_firmware:-:::::::* cpe:2.3:o:qualcomm:qcm8550_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8845h_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8845h:-:::::::* cpe:2.3:h:qualcomm:wcd9385:-:::::::* cpe:2.3:o:qualcomm:wcd9390_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::* cpe:2.3:h:qualcomm:sm8550p:-:::::::* cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:::::::* cpe:2.3:h:qualcomm:qcm8550:-:::::::* cpe:2.3:o:qualcomm:sg8275p_firmware:-:::::::* cpe:2.3:h:qualcomm:qcs8550:-:::::::* cpe:2.3:h:qualcomm:wcd9390:-:::::::* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::* cpe:2.3:h:qualcomm:fastconnect_6900:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 6.5
Summary		(es) Divulgación de información cuando ASLR reubica las partes IMEM y DDR segura como un solo fragmento en el espacio de direcciones virtuales.
References	~~() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html -~~	() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html - Vendor Advisory

01 Jul 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 15:15

Updated : 2024-07-02 17:56

NVD link : CVE-2024-21460

Mitre link : CVE-2024-21460

CVE.ORG link : CVE-2024-21460

JSON object : View

Products Affected

qualcomm

wcd9395_firmware
snapdragon_8_gen_2_mobile_platform
snapdragon_8_gen_2_mobile_platform_firmware
wsa8845h_firmware
snapdragon_8\+_gen_2_mobile_platform
sm8550p
snapdragon_8\+_gen_2_mobile_platform_firmware
wcd9395
wcd9380_firmware
fastconnect_7800
wsa8840
fastconnect_6900
wcd9385
qcm8550_firmware
wsa8845h
fastconnect_6900_firmware
wsa8845
wcd9390
sg8275p
wcd9380
sg8275p_firmware
qcs8550_firmware
wsa8840_firmware
fastconnect_7800_firmware
sm8550p_firmware
wcd9390_firmware
wcd9385_firmware
wsa8845_firmware
qcs8550
qcm8550

CWE

CWE-330

Use of Insufficiently Random Values

6.5 /10