Main Vulnerability Database Vulnerabilities #VU103535

#VU103535 Buffer overflow in Qualcomm products - CVE-2024-38413

Published: February 3, 2025

Vulnerability identifier: #VU103535

Vulnerability risk: Low

CVSSv4.0:

CVE-ID: CVE-2024-38413

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FastConnect 7800
Snapdragon 8 Gen 3 Mobile Platform
WCD9390
WCD9395
WSA8840
WSA8845
WSA8845H

Software vendor:
Qualcomm

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when handling frame packets. A local user can trigger memory corruption and execute arbitrary code on the target system.

Remediation

Install security update from vendor's website.

External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html
https://git.codelinaro.org/clo/la/platform/vendor/opensource/eva-kernel/-/commit/3bc875b30c06fa6e3cadd8413ae4e4e24c28ff96

#VU103535 Buffer overflow in Qualcomm products - CVE-2024-38413

Description

Remediation

External links

Please verify you're human