CVE-2024-21474

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21474
Memory corruption when size of buffer from previous call is used without validation or re-initialization.

8.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:ar8035:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sa8530p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8530p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:qualcomm:sc8280xp-abbb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8280xp-abbb:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_x65_5g_modem-rf:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
History

15 Jan 2025, 16:57

Type Values Removed Values Added
CPE cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8280xp-abbb:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8530p:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:ar8035:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sc8280xp-abbb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa8530p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_x65_5g_modem-rf:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
References () https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html - () https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html - Vendor Advisory
CWE CWE-787
First Time Qualcomm sa8540p Firmware
Qualcomm ar8035
Qualcomm fastconnect 7800
Qualcomm sa8530p Firmware
Qualcomm sc8280xp-abbb
Qualcomm sc8280xp-abbb Firmware
Qualcomm qca6698aq Firmware
Qualcomm snapdragon X65 5g Modem-rf
Qualcomm wsa8845h Firmware
Qualcomm wsa8845h
Qualcomm qam8295p
Qualcomm qca6595
Qualcomm wcd9385 Firmware
Qualcomm qca8081
Qualcomm fastconnect 6900 Firmware
Qualcomm sa8295p
Qualcomm sa9000p Firmware
Qualcomm snapdragon X65 5g Modem-rf Firmware
Qualcomm qca6696 Firmware
Qualcomm qca6574au Firmware
Qualcomm sc8380xp
Qualcomm qam8295p Firmware
Qualcomm qca8337
Qualcomm wsa8840
Qualcomm qca6698aq
Qualcomm sc8380xp Firmware
Qualcomm wcd9380 Firmware
Qualcomm qca6696
Qualcomm qca8337 Firmware
Qualcomm wsa8840 Firmware
Qualcomm qca6595 Firmware
Qualcomm sa9000p
Qualcomm wcd9380
Qualcomm wsa8835 Firmware
Qualcomm fastconnect 6900
Qualcomm sa8530p
Qualcomm ar8035 Firmware
Qualcomm sa8295p Firmware
Qualcomm wsa8835
Qualcomm wsa8845 Firmware
Qualcomm wsa8845
Qualcomm wsa8830 Firmware
Qualcomm qca8081 Firmware
Qualcomm wsa8830
Qualcomm wcd9385
Qualcomm fastconnect 7800 Firmware
Qualcomm sa8540p
Qualcomm
Qualcomm qca6574au

21 Nov 2024, 08:54

Type Values Removed Values Added
Summary
  • (es) Corrupción de la memoria cuando se utiliza el tamaño del búfer de la llamada anterior sin validación o reinicialización.
References () https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html - () https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html -

06 May 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-06 15:15

Updated : 2025-01-15 16:57

NVD link : CVE-2024-21474

Mitre link : CVE-2024-21474

CVE.ORG link : CVE-2024-21474

JSON object : View

Products Affected

qualcomm

  • qam8295p
  • wsa8840_firmware
  • qam8295p_firmware
  • sc8380xp_firmware
  • qca8337_firmware
  • wsa8840
  • sa8530p_firmware
  • snapdragon_x65_5g_modem-rf
  • qca6595_firmware
  • wsa8845
  • sc8380xp
  • wsa8845h_firmware
  • ar8035_firmware
  • qca6696
  • fastconnect_7800
  • sa8530p
  • sc8280xp-abbb_firmware
  • sa9000p_firmware
  • wsa8830
  • wcd9380
  • sa8540p
  • qca8337
  • wsa8830_firmware
  • wcd9385
  • qca6696_firmware
  • wsa8835
  • sa9000p
  • ar8035
  • qca6698aq
  • wsa8845_firmware
  • wcd9385_firmware
  • fastconnect_7800_firmware
  • qca6574au
  • qca8081
  • qca6698aq_firmware
  • snapdragon_x65_5g_modem-rf_firmware
  • sa8295p
  • wsa8845h
  • qca6574au_firmware
  • fastconnect_6900_firmware
  • sc8280xp-abbb
  • fastconnect_6900
  • wcd9380_firmware
  • wsa8835_firmware
  • sa8540p_firmware
  • qca8081_firmware
  • qca6595
  • sa8295p_firmware
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write