Video Collaboration Vc1 Platform Firmware
CVE-2024-21455
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (qualcomm) · only source for this CVE.
CVSS VectorVendor: qualcomm
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
AnalysisAI
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-822. Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. Affected products include: Qualcomm Video Collaboration Vc1 Platform Firmware, Qualcomm Wsa8815 Firmware, Qualcomm Wsa8810 Firmware, Qualcomm Wcn3980 Firmware, Qualcomm Wcn3950 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo
Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory
Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this v
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulner
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critic
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. Rated critical severity (CVSS 9.
Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitt
Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. Rated high severi
Memory corruption while running VK synchronization with KASAN enabled. Rated high severity (CVSS 8.4), this vulnerabilit
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. Rated high severity (CVSS
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t
Same weakness CWE-822 – Untrusted Pointer Dereference
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today