#VU93536 Integer underflow in Qualcomm products - CVE-2024-21466
Published: July 1, 2024
Vulnerability identifier: #VU93536
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-21466
CWE-ID: CWE-191
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
FastConnect 7800
Immersive Home 3210 Platform
Immersive Home 326 Platform
IPQ5300
IPQ5302
IPQ5312
IPQ5332
IPQ9008
IPQ9554
IPQ9570
IPQ9574
QAM8255P
QAM8620P
QAM8650P
QAM8775P
QAMSRV1H
QAMSRV1M
QCA0000
QCA6554A
QCA6564AU
QCA6574
QCA6574A
QCA6584AU
QCA6595
QCA6595AU
QCA6678AQ
QCA6696
QCA6698AQ
QCA8075
QCA8081
QCA8082
QCA8084
QCA8085
QCA8386
QCC2073
QCC2076
QCF8000
QCF8001
QCN5124
QCN6402
QCN6412
QCN6422
QCN6432
QCN9000
QCN9074
QCN9274
SA7255P
SA7775P
SA8255P
SA8650P
SA8770P
SA8775P
SRV1H
SRV1L
SRV1M
SW5100
SW5100P
WCN3980
WCN3988
WSA8830
WSA8835
QCA6574AU
SA8620P
SA9000P
FastConnect 7800
Immersive Home 3210 Platform
Immersive Home 326 Platform
IPQ5300
IPQ5302
IPQ5312
IPQ5332
IPQ9008
IPQ9554
IPQ9570
IPQ9574
QAM8255P
QAM8620P
QAM8650P
QAM8775P
QAMSRV1H
QAMSRV1M
QCA0000
QCA6554A
QCA6564AU
QCA6574
QCA6574A
QCA6584AU
QCA6595
QCA6595AU
QCA6678AQ
QCA6696
QCA6698AQ
QCA8075
QCA8081
QCA8082
QCA8084
QCA8085
QCA8386
QCC2073
QCC2076
QCF8000
QCF8001
QCN5124
QCN6402
QCN6412
QCN6422
QCN6432
QCN9000
QCN9074
QCN9274
SA7255P
SA7775P
SA8255P
SA8650P
SA8770P
SA8775P
SRV1H
SRV1L
SRV1M
SW5100
SW5100P
WCN3980
WCN3988
WSA8830
WSA8835
QCA6574AU
SA8620P
SA9000P
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to read memory contents or crash the system.
The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can read memory contents or crash the system.
Remediation
Install security update from vendor's website.