Skip to main content

Csr8811 Firmware CVE-2024-21482

HIGH
Buffer Overflow (CWE-119)
2024-07-01 product-security@qualcomm.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 01, 2024 - 15:15 nvd
HIGH 7.8

DescriptionNVD

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs image.

AnalysisAI

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs image. Affected products include: Qualcomm Csr8811 Firmware, Qualcomm Immersive Home 214 Platform Firmware, Qualcomm Immersive Home 216 Platform Firmware, Qualcomm Immersive Home 316 Platform Firmware, Qualcomm Immersive Home 318 Platform Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2024-33066 CRITICAL
9.8 Oct 07

Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)

CVE-2024-21473 CRITICAL
9.8 Apr 01

Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)

CVE-2023-33083 CRITICAL
9.8 Dec 05

Memory corruption in WLAN Host while processing RRM beacon on the AP. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-33082 CRITICAL
9.8 Dec 05

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. Rated critical seve

CVE-2023-33045 CRITICAL
9.8 Nov 07

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. Rated critical severity

CVE-2023-33028 CRITICAL
9.8 Oct 03

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vuln

CVE-2022-25748 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (

CVE-2021-1976 CRITICAL
9.8 Sep 17

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap

CVE-2021-1972 CRITICAL
9.8 Sep 08

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com

CVE-2021-1965 CRITICAL POC
9.8 Jul 13

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdrago

CVE-2023-33032 CRITICAL
9.3 Jan 02

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. Rated critical severity (CVSS 9.3

CVE-2023-33030 CRITICAL
9.3 Jan 02

Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no

Share

CVE-2024-21482 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy