Firmware MemCor via Incorrect Protocol Size
CVE-2024-21475 Published on May 6, 2024
Use of Out-of-range Pointer Offset in Video
Memory corruption when the payload received from firmware is not as per the expected protocol size.
Vulnerability Analysis
CVE-2024-21475 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Type
What is an Untrusted pointer offset Vulnerability?
The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
CVE-2024-21475 has been classified to as an Untrusted pointer offset vulnerability or weakness.
Products Associated with CVE-2024-21475
Want to know whenever a new CVE is published for Google Android? stack.watch will email you.
Affected Versions
Qualcomm, Inc. Snapdragon:- Version 315 5G IoT Modem is affected.
- Version AQT1000 is affected.
- Version AR8031 is affected.
- Version AR8035 is affected.
- Version C-V2X 9150 is affected.
- Version CSRA6620 is affected.
- Version CSRA6640 is affected.
- Version FastConnect 6200 is affected.
- Version FastConnect 6700 is affected.
- Version FastConnect 6800 is affected.
- Version FastConnect 6900 is affected.
- Version FastConnect 7800 is affected.
- Version Flight RB5 5G Platform is affected.
- Version FSM10055 is affected.
- Version FSM10056 is affected.
- Version FSM20055 is affected.
- Version FSM20056 is affected.
- Version MDM9628 is affected.
- Version QAM8255P is affected.
- Version QAM8295P is affected.
- Version QAM8650P is affected.
- Version QAM8775P is affected.
- Version QAMSRV1H is affected.
- Version QAMSRV1M is affected.
- Version QCA6174A is affected.
- Version QCA6391 is affected.
- Version QCA6420 is affected.
- Version QCA6421 is affected.
- Version QCA6426 is affected.
- Version QCA6430 is affected.
- Version QCA6431 is affected.
- Version QCA6436 is affected.
- Version QCA6564 is affected.
- Version QCA6564A is affected.
- Version QCA6564AU is affected.
- Version QCA6574 is affected.
- Version QCA6574A is affected.
- Version QCA6574AU is affected.
- Version QCA6584AU is affected.
- Version QCA6595 is affected.
- Version QCA6595AU is affected.
- Version QCA6678AQ is affected.
- Version QCA6696 is affected.
- Version QCA6698AQ is affected.
- Version QCA6797AQ is affected.
- Version QCA8081 is affected.
- Version QCA8337 is affected.
- Version QCA9367 is affected.
- Version QCA9377 is affected.
- Version QCC710 is affected.
- Version QCM2290 is affected.
- Version QCM4290 is affected.
- Version QCM4325 is affected.
- Version QCM4490 is affected.
- Version QCM5430 is affected.
- Version QCM6125 is affected.
- Version QCM6490 is affected.
- Version QCM8550 is affected.
- Version QCN6024 is affected.
- Version QCN6224 is affected.
- Version QCN6274 is affected.
- Version QCN9011 is affected.
- Version QCN9012 is affected.
- Version QCN9024 is affected.
- Version QCN9074 is affected.
- Version QCS2290 is affected.
- Version QCS410 is affected.
- Version QCS4290 is affected.
- Version QCS4490 is affected.
- Version QCS5430 is affected.
- Version QCS610 is affected.
- Version QCS6125 is affected.
- Version QCS6490 is affected.
- Version QCS7230 is affected.
- Version QCS8155 is affected.
- Version QCS8250 is affected.
- Version QCS8550 is affected.
- Version QDU1000 is affected.
- Version QDU1010 is affected.
- Version QDU1110 is affected.
- Version QDU1210 is affected.
- Version QDX1010 is affected.
- Version QDX1011 is affected.
- Version QEP8111 is affected.
- Version QFW7114 is affected.
- Version QFW7124 is affected.
- Version QRB5165M is affected.
- Version QRB5165N is affected.
- Version QRU1032 is affected.
- Version QRU1052 is affected.
- Version QRU1062 is affected.
- Version QSM8250 is affected.
- Version QSM8350 is affected.
- Version Qualcomm 215 Mobile Platform is affected.
- Version Qualcomm Video Collaboration VC1 Platform is affected.
- Version Qualcomm Video Collaboration VC3 Platform is affected.
- Version Qualcomm Video Collaboration VC5 Platform is affected.
- Version Robotics RB5 Platform is affected.
- Version SA4150P is affected.
- Version SA4155P is affected.
- Version SA6145P is affected.
- Version SA6150P is affected.
- Version SA6155 is affected.
- Version SA6155P is affected.
- Version SA7255P is affected.
- Version SA8145P is affected.
- Version SA8150P is affected.
- Version SA8155 is affected.
- Version SA8155P is affected.
- Version SA8195P is affected.
- Version SA8255P is affected.
- Version SA8295P is affected.
- Version SA8530P is affected.
- Version SA8540P is affected.
- Version SA8620P is affected.
- Version SA8650P is affected.
- Version SA8770P is affected.
- Version SA8775P is affected.
- Version SA9000P is affected.
- Version SD 675 is affected.
- Version SD 8 Gen1 5G is affected.
- Version SD660 is affected.
- Version SD675 is affected.
- Version SD730 is affected.
- Version SD855 is affected.
- Version SD865 5G is affected.
- Version SD888 is affected.
- Version SDX55 is affected.
- Version SG4150P is affected.
- Version SG8275P is affected.
- Version SM4125 is affected.
- Version SM6250 is affected.
- Version SM6370 is affected.
- Version SM7250P is affected.
- Version SM7315 is affected.
- Version SM7325P is affected.
- Version SM8550P is affected.
- Version Smart Audio 400 Platform is affected.
- Version Snapdragon 4 Gen 1 Mobile Platform is affected.
- Version Snapdragon 4 Gen 2 Mobile Platform is affected.
- Version Snapdragon 439 Mobile Platform is affected.
- Version Snapdragon 460 Mobile Platform is affected.
- Version Snapdragon 480 5G Mobile Platform is affected.
- Version Snapdragon 480+ 5G Mobile Platform (SM4350-AC) is affected.
- Version Snapdragon 660 Mobile Platform is affected.
- Version Snapdragon 662 Mobile Platform is affected.
- Version Snapdragon 675 Mobile Platform is affected.
- Version Snapdragon 678 Mobile Platform (SM6150-AC) is affected.
- Version Snapdragon 680 4G Mobile Platform is affected.
- Version Snapdragon 685 4G Mobile Platform (SM6225-AD) is affected.
- Version Snapdragon 690 5G Mobile Platform is affected.
- Version Snapdragon 695 5G Mobile Platform is affected.
- Version Snapdragon 720G Mobile Platform is affected.
- Version Snapdragon 730 Mobile Platform (SM7150-AA) is affected.
- Version Snapdragon 730G Mobile Platform (SM7150-AB) is affected.
- Version Snapdragon 732G Mobile Platform (SM7150-AC) is affected.
- Version Snapdragon 750G 5G Mobile Platform is affected.
- Version Snapdragon 765 5G Mobile Platform (SM7250-AA) is affected.
- Version Snapdragon 765G 5G Mobile Platform (SM7250-AB) is affected.
- Version Snapdragon 768G 5G Mobile Platform (SM7250-AC) is affected.
- Version Snapdragon 778G 5G Mobile Platform is affected.
- Version Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) is affected.
- Version Snapdragon 780G 5G Mobile Platform is affected.
- Version Snapdragon 782G Mobile Platform (SM7325-AF) is affected.
- Version Snapdragon 7c Compute Platform (SC7180-AC) is affected.
- Version Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) "Rennell Pro" is affected.
- Version Snapdragon 7c+ Gen 3 Compute is affected.
- Version Snapdragon 8 Gen 1 Mobile Platform is affected.
- Version Snapdragon 8 Gen 2 Mobile Platform is affected.
- Version Snapdragon 8 Gen 3 Mobile Platform is affected.
- Version Snapdragon 8+ Gen 1 Mobile Platform is affected.
- Version Snapdragon 8+ Gen 2 Mobile Platform is affected.
- Version Snapdragon 855 Mobile Platform is affected.
- Version Snapdragon 855+/860 Mobile Platform (SM8150-AC) is affected.
- Version Snapdragon 865 5G Mobile Platform is affected.
- Version Snapdragon 865+ 5G Mobile Platform (SM8250-AB) is affected.
- Version Snapdragon 870 5G Mobile Platform (SM8250-AC) is affected.
- Version Snapdragon 888 5G Mobile Platform is affected.
- Version Snapdragon 888+ 5G Mobile Platform (SM8350-AC) is affected.
- Version Snapdragon AR2 Gen 1 Platform is affected.
- Version Snapdragon Auto 5G Modem-RF is affected.
- Version Snapdragon Auto 5G Modem-RF Gen 2 is affected.
- Version Snapdragon W5+ Gen 1 Wearable Platform is affected.
- Version Snapdragon Wear 4100+ Platform is affected.
- Version Snapdragon X12 LTE Modem is affected.
- Version Snapdragon X35 5G Modem-RF System is affected.
- Version Snapdragon X50 5G Modem-RF System is affected.
- Version Snapdragon X55 5G Modem-RF System is affected.
- Version Snapdragon X65 5G Modem-RF System is affected.
- Version Snapdragon X72 5G Modem-RF System is affected.
- Version Snapdragon X75 5G Modem-RF System is affected.
- Version Snapdragon XR2 5G Platform is affected.
- Version Snapdragon XR2+ Gen 1 Platform is affected.
- Version Snapdragon Auto 4G Modem is affected.
- Version SRV1H is affected.
- Version SRV1M is affected.
- Version SSG2115P is affected.
- Version SSG2125P is affected.
- Version SW5100 is affected.
- Version SW5100P is affected.
- Version SXR1230P is affected.
- Version SXR2130 is affected.
- Version SXR2230P is affected.
- Version SXR2250P is affected.
- Version TalynPlus is affected.
- Version WCD9326 is affected.
- Version WCD9335 is affected.
- Version WCD9340 is affected.
- Version WCD9341 is affected.
- Version WCD9360 is affected.
- Version WCD9370 is affected.
- Version WCD9371 is affected.
- Version WCD9375 is affected.
- Version WCD9380 is affected.
- Version WCD9385 is affected.
- Version WCD9390 is affected.
- Version WCD9395 is affected.
- Version WCN3610 is affected.
- Version WCN3615 is affected.
- Version WCN3660B is affected.
- Version WCN3680B is affected.
- Version WCN3910 is affected.
- Version WCN3950 is affected.
- Version WCN3980 is affected.
- Version WCN3988 is affected.
- Version WCN3990 is affected.
- Version WCN6740 is affected.
- Version WSA8810 is affected.
- Version WSA8815 is affected.
- Version WSA8830 is affected.
- Version WSA8832 is affected.
- Version WSA8835 is affected.
- Version WSA8840 is affected.
- Version WSA8845 is affected.
- Version WSA8845H is affected.
- Version * is affected.
Exploit Probability
EPSS
0.11%
Percentile
29.75%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.