Buffer over-read in Qualcomm products - CVE-2024-23358

 

Buffer over-read in Qualcomm products - CVE-2024-23358

Published: September 2, 2024


Vulnerability identifier: #VU96679
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-23358
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Qualcomm
Affected software:
APQ8017
SDM429W
WSA8832
APQ8037
AR8035
FastConnect 7800
MSM8108
MSM8209
MSM8608
QCA6584AU
QCA6698AQ
QCA8081
QCA8337
QCC710
QCN6224
QCN6274
QFW7114
QFW7124
Qualcomm 205 Mobile Platform
SM8635
Smart Audio 200 Platform
Snapdragon 208 Processor
Snapdragon 210 Processor
Snapdragon 212 Mobile Platform
Snapdragon 425 Mobile Platform
Snapdragon 429 Mobile Platform
Snapdragon 430 Mobile Platform
Snapdragon 439 Mobile Platform
Snapdragon 8 Gen 3 Mobile Platform
Snapdragon Auto 5G Modem-RF Gen 2
Snapdragon Wear 4100+ Platform
Snapdragon X72 5G Modem-RF System
Snapdragon X75 5G Modem-RF System
WCD9326
WCD9340
WCD9370
WCD9375
WCD9390
WCD9395
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680B
WCN3980
WCN6755
WSA8810
WSA8815
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.


How to mitigate CVE-2024-23358

Install security update from vendor's website.

Sources