Snapdragon 855 860 Mobile Platform Sm8150 Ac Firmware
CVE-2024-23352
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (qualcomm) · only source for this CVE.
CVSS VectorVendor: qualcomm
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA.
AnalysisAI
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-835. Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA. Affected products include: Qualcomm Snapdragon 855\+\/860 Mobile Platform \(Sm8150-Ac\) Firmware, Qualcomm Wsa8845H Firmware, Qualcomm Wsa8845 Firmware, Qualcomm Wsa8840 Firmware, Qualcomm Wsa8835 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated
Memory corruption during session sign renewal request calls in HLOS. Rated high severity (CVSS 7.8), this vulnerability
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high se
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5
Cryptographic issue while parsing RSA keys in COBR format. Rated high severity (CVSS 7.1), this vulnerability is low att
memory corruption when an invalid firehose patch command is invoked. Rated medium severity (CVSS 6.8), this vulnerabilit
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verifi
There may be information disclosure during memory re-allocation in TZ Secure OS. Rated medium severity (CVSS 5.5), this
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is great
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments f
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. Rated critical se
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today