Main Vulnerability Database Vulnerabilities #VU103535

Buffer overflow in Qualcomm products - CVE-2024-38413

Published: February 3, 2025

Vulnerability identifier: #VU103535

CSH Severity: Low

CVSS v4.0:

CVE-ID: CVE-2024-38413

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Qualcomm

Affected software:
FastConnect 7800
Snapdragon 8 Gen 3 Mobile Platform
WCD9390
WCD9395
WSA8840
WSA8845
WSA8845H

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when handling frame packets. A local user can trigger memory corruption and execute arbitrary code on the target system.

How to mitigate CVE-2024-38413

Install security update from vendor's website.

Sources

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html
https://git.codelinaro.org/clo/la/platform/vendor/opensource/eva-kernel/-/commit/3bc875b30c06fa6e3cadd8413ae4e4e24c28ff96

Buffer overflow in Qualcomm products - CVE-2024-38413

Detailed vulnerability description

How to mitigate CVE-2024-38413

Sources

Please verify you're human