#VU99691 Use of Out-of-range Pointer Offset in Qualcomm products - CVE-2024-23377
Published: November 4, 2024
Vulnerability identifier: #VU99691
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-23377
CWE-ID: CWE-823
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
FastConnect 6900
FastConnect 7800
QCA6391
QCM8550
QCS7230
QCS8250
QCS8550
Qualcomm Video Collaboration VC5 Platform
SD 8 Gen1 5G
SG8275
SG8275P
SM7525
SM7550
SM8550P
Snapdragon 8 Gen 2 Mobile Platform
Snapdragon 8+ Gen 2 Mobile Platform
Snapdragon AR2 Gen 1 Platform
SSG2115P
SSG2125P
SXR1230P
SXR2230P
SXR2250P
WCD9370
WCD9371
WCD9375
WCD9378
WCD9380
WCD9385
WCD9390
WCD9395
WCN6650
WCN6755
WCN7880
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H
WSA8832
FastConnect 6900
FastConnect 7800
QCA6391
QCM8550
QCS7230
QCS8250
QCS8550
Qualcomm Video Collaboration VC5 Platform
SD 8 Gen1 5G
SG8275
SG8275P
SM7525
SM7550
SM8550P
Snapdragon 8 Gen 2 Mobile Platform
Snapdragon 8+ Gen 2 Mobile Platform
Snapdragon AR2 Gen 1 Platform
SSG2115P
SSG2125P
SXR1230P
SXR2230P
SXR2250P
WCD9370
WCD9371
WCD9375
WCD9378
WCD9380
WCD9385
WCD9390
WCD9395
WCN6650
WCN6755
WCN7880
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H
WSA8832
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in ComputerVision. A local privileged application can execute arbitrary code.
Remediation
Install security update from vendor's website.