CVE-2024-21476: memory corruption from unvalidated channel ID
CVE-2024-21476 Published on May 6, 2024

Improper Input Validation in Secure Processor
Memory corruption when the channel ID passed by user is not validated and further used.

NVD

Vulnerability Analysis

CVE-2024-21476 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2024-21476

Want to know whenever a new CVE is published for Qualcomm products? stack.watch will email you.

Qualcomm Aqt1000 Firmware

Qualcomm Ar8035 Firmware

Qualcomm Fastconnect 6200 Firmware

Qualcomm Fastconnect 6800 Firmware

Qualcomm Fastconnect 6900 Firmware

Qualcomm Fastconnect 7800 Firmware

Qualcomm Qca1062 Firmware

Qualcomm Qca1064 Firmware

Qualcomm Qca6391 Firmware

Qualcomm Qca6420 Firmware

Qualcomm Qca6421 Firmware

Qualcomm Qca6426 Firmware

Qualcomm Qca6430 Firmware

Qualcomm Qca6431 Firmware

Qualcomm Qca6436 Firmware

Qualcomm Qca8337 Firmware

Qualcomm Qsm8250 Firmware

Qualcomm Sc8180x Firmware

Qualcomm Sdx55 Firmware

Qualcomm Sc8380xp Firmware

Qualcomm Sd865 5g Firmware

Qualcomm Snapdragon 865 5g Mobile Platform Firmware

Qualcomm Snapdragon 870 5g Mobile Platform Firmware

Qualcomm Snapdragon 888 5g Mobile Platform Firmware

Qualcomm Snapdragon 8cx Compute Platform Firmware

Qualcomm Snapdragon X55 5g Modem Rf System Firmware

Qualcomm Snapdragon Xr2 5g Platform Firmware

Qualcomm Sxr2130 Firmware

Qualcomm Wcd9340 Firmware

Qualcomm Wcd9341 Firmware

Qualcomm Wcd9380 Firmware

Qualcomm Wcd9385 Firmware

Qualcomm Wsa8810 Firmware

Qualcomm Wsa8815 Firmware

Qualcomm Wsa8830 Firmware

Qualcomm Wsa8835 Firmware

Qualcomm Wsa8840 Firmware

Qualcomm Wsa8845 Firmware

Qualcomm Wsa8845h Firmware

Affected Versions

Qualcomm, Inc. Snapdragon:

Version AQT1000 is affected.
Version AR8035 is affected.
Version FastConnect 6200 is affected.
Version FastConnect 6800 is affected.
Version FastConnect 6900 is affected.
Version FastConnect 7800 is affected.
Version QCA1062 is affected.
Version QCA1064 is affected.
Version QCA6391 is affected.
Version QCA6420 is affected.
Version QCA6421 is affected.
Version QCA6426 is affected.
Version QCA6430 is affected.
Version QCA6431 is affected.
Version QCA6436 is affected.
Version QCA8337 is affected.
Version QSM8250 is affected.
Version SC8180X+SDX55 is affected.
Version SC8380XP is affected.
Version SD865 5G is affected.
Version SDX55 is affected.
Version Snapdragon 865 5G Mobile Platform is affected.
Version Snapdragon 865+ 5G Mobile Platform (SM8250-AB) is affected.
Version Snapdragon 870 5G Mobile Platform (SM8250-AC) is affected.
Version Snapdragon 888 5G Mobile Platform is affected.
Version Snapdragon 888+ 5G Mobile Platform (SM8350-AC) is affected.
Version Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" is affected.
Version Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" is affected.
Version Snapdragon 8cx Compute Platform (SC8180X-AA, AB) is affected.
Version Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" is affected.
Version Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" is affected.
Version Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) is affected.
Version Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) is affected.
Version Snapdragon X55 5G Modem-RF System is affected.
Version Snapdragon XR2 5G Platform is affected.
Version Snapdragon XR2+ Gen 1 Platform is affected.
Version SXR2130 is affected.
Version WCD9340 is affected.
Version WCD9341 is affected.
Version WCD9380 is affected.
Version WCD9385 is affected.
Version WSA8810 is affected.
Version WSA8815 is affected.
Version WSA8830 is affected.
Version WSA8835 is affected.
Version WSA8840 is affected.
Version WSA8845 is affected.
Version WSA8845H is affected.

qualcomm aqt1000_firmware:

Version - is affected.

qualcomm ar8035_firmware:

Version - is affected.

qualcomm fastconnect_6200_firmware:

Version - is affected.

qualcomm fastconnect_6800_firmware:

Version - is affected.

qualcomm fastconnect_6900_firmware:

Version - is affected.

qualcomm fastconnect_7800_firmware:

Version - is affected.

qualcomm qca1062_firmware:

Version - is affected.

qualcomm qca1064_firmware:

Version - is affected.

qualcomm qca6391_firmware:

Version - is affected.

qualcomm qca6420_firmware:

Version - is affected.

qualcomm qca6421_firmware:

Version - is affected.

qualcomm qca6426_firmware:

Version - is affected.

qualcomm qca6430_firmware:

Version - is affected.

qualcomm qca6431_firmware:

Version - is affected.

qualcomm qca6436_firmware:

Version - is affected.

qualcomm qca8337_firmware:

Version - is affected.

qualcomm qsm8250_firmware:

Version - is affected.

qualcomm sc8180x_firmware:

Version - is affected.

qualcomm sdx55_firmware:

Version - is affected.

qualcomm sc8380xp_firmware:

Version - is affected.

qualcomm sd865_5g_firmware:

Version - is affected.

qualcomm snapdragon_865_5g_mobile_platform_firmware:

Version - is affected.

qualcomm snapdragon_870_5g_mobile_platform_firmware:

Version - is affected.

qualcomm snapdragon_888_5g_mobile_platform_firmware:

Version - is affected.

qualcomm snapdragon_8cx_compute_platform_firmware:

Version - is affected.

qualcomm snapdragon_x55_5g_modem-rf_system_firmware:

Version - is affected.

qualcomm snapdragon_xr2_5g_platform_firmware:

Version - is affected.

qualcomm sxr2130_firmware:

Version - is affected.

qualcomm wcd9340_firmware:

Version - is affected.

qualcomm wcd9341_firmware:

Version - is affected.

qualcomm wcd9380_firmware:

Version - is affected.

qualcomm wcd9385_firmware:

Version - is affected.

qualcomm wsa8810_firmware:

Version - is affected.

qualcomm wsa8815_firmware:

Version - is affected.

qualcomm wsa8830_firmware:

Version - is affected.

qualcomm wsa8835_firmware:

Version - is affected.

qualcomm wsa8840_firmware:

Version - is affected.

qualcomm wsa8845_firmware:

Version - is affected.

qualcomm wsa8845h_firmware:

Version - is affected.

Exploit Probability

EPSS

0.11%

Percentile

29.80%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2024-21476: memory corruption from unvalidated channel IDCVE-2024-21476 Published on May 6, 2024

Vulnerability Analysis

Weakness Type

Improper Input Validation

Products Associated with CVE-2024-21476

Affected Versions

Exploit Probability

CVE-2024-21476: memory corruption from unvalidated channel ID
CVE-2024-21476 Published on May 6, 2024