Skip to main content

Snapdragon 888 5G Mobile Platform Sm8350 Ac Firmware CVE-2024-23369

HIGH
Buffer Overflow (CWE-119)
2024-10-07 product-security@qualcomm.com
Buffer Overflow Snapdragon 888 5G Mobile Platform Sm8350 Ac Firmware Snapdragon 865 5G Mobile Platform Sm8250 Ab Firmware Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware Wsa8832 Firmware Wsa8830 Firmware Wsa8815 Firmware Wsa8810 Firmware Wcn6755 Firmware Wcn3988 Firmware Wcn3950 Firmware Wcd9395 Firmware Wcd9390 Firmware Wcd9385 Firmware Wcd9380 Firmware Wcd9378 Firmware Wcd9375 Firmware Wcd9370 Firmware Wcd9340 Firmware Sxr2130 Firmware Srv1m Firmware Srv1l Firmware Srv1h Firmware Snapdragon Xr2 5g Platform Firmware Snapdragon X75 5g Modem Rf System Firmware Snapdragon X72 5g Modem Rf System Firmware Snapdragon X65 5g Modem Rf System Firmware Snapdragon X62 5g Modem Rf System Firmware Snapdragon X55 5g Modem Rf System Firmware Snapdragon X35 5g Modem Rf System Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware Snapdragon 8Cx Gen 3 Compute Platform Sc8280Xp Ab Bb Firmware Snapdragon 888 5g Mobile Platform Firmware Snapdragon 870 5G Mobile Platform Sm8250 Ac Firmware Snapdragon 865 5g Mobile Platform Firmware Snapdragon 8 Gen 3 Mobile Platform Firmware Snapdragon 8 Gen 1 Mobile Platform Firmware Snapdragon 768G 5G Mobile Platform Sm7250 Ac Firmware Snapdragon 765G 5G Mobile Platform Sm7250 Ab Firmware Snapdragon 765 5G Mobile Platform Sm7250 Aa Firmware Sm8635 Firmware Sm7250p Firmware Sm4635 Firmware Sd865 5g Firmware Sd 8 Gen1 5g Firmware Sc8380xp Firmware Sa9000p Firmware Sa8775p Firmware Sa8770p Firmware Sa8650p Firmware Sa8620p Firmware Sa8540p Firmware Sa8530p Firmware Sa8295p Firmware Sa8255p Firmware Sa8195p Firmware Sa8155p Firmware Sa8150p Firmware Sa8145p Firmware Sa7775p Firmware Sa7255p Firmware Sa6155p Firmware Sa6150p Firmware Sa6145p Firmware Video Collaboration Vc3 Platform Firmware Qsm8350 Firmware Qru1062 Firmware Qru1052 Firmware Qru1032 Firmware Qfw7124 Firmware Qfw7114 Firmware Qep8111 Firmware Qdx1011 Firmware Qdx1010 Firmware Qdu1210 Firmware Qdu1110 Firmware Qdu1010 Firmware Qdu1000 Firmware Qcs6490 Firmware Qcs5430 Firmware Qcn6274 Firmware Qcn6224 Firmware Qcm6490 Firmware Qcm5430 Firmware Qcc710 Firmware Qca8337 Firmware Qca8081 Firmware Qca6797aq Firmware Qca6698aq Firmware Qca6696 Firmware Qca6678aq Firmware Qca6595au Firmware Qca6595 Firmware Qca6584au Firmware Qca6574au Firmware Qca6574a Firmware Qca6574 Firmware Qca6436 Firmware Qca6431 Firmware Qca6426 Firmware Qca6421 Firmware Qca6391 Firmware Qca6174a Firmware Qamsrv1m Firmware Qamsrv1h Firmware Qam8775p Firmware Qam8650p Firmware Qam8620p Firmware Qam8295p Firmware Qam8255p Firmware Fastconnect 7800 Firmware Fastconnect 6900 Firmware Fastconnect 6800 Firmware Fastconnect 6700 Firmware Fastconnect 6200 Firmware Ar8035 Firmware
7.8
CVSS 3.1 · Vendor: qualcomm
Share

Severity by source

Vendor (qualcomm) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (qualcomm) · only source for this CVE.

CVSS VectorVendor: qualcomm

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 07, 2024 - 13:15 cve.org
HIGH 7.8

DescriptionCVE.org

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

AnalysisAI

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. Affected products include: Qualcomm Snapdragon 888\+ 5G Mobile Platform \(Sm8350-Ac\) Firmware, Qualcomm Snapdragon 865\+ 5G Mobile Platform \(Sm8250-Ab\) Firmware, Qualcomm Wsa8845H Firmware, Qualcomm Wsa8845 Firmware, Qualcomm Wsa8840 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2024-21481 HIGH
8.4 Aug 05

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. Rated high severity (

CVE-2024-23359 HIGH
8.2 Sep 02

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated

CVE-2024-23356 HIGH
7.8 Aug 05

Memory corruption during session sign renewal request calls in HLOS. Rated high severity (CVSS 7.8), this vulnerability

CVE-2024-23355 HIGH
7.8 Aug 05

Memory corruption when keymaster operation imports a shared key. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2025-21448 HIGH
7.5 Apr 07

Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remot

CVE-2025-47318 HIGH
7.5 Sep 24

Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this

CVE-2024-23364 HIGH
7.5 Sep 02

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Eleme

CVE-2024-33012 HIGH
7.5 Aug 05

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end

CVE-2024-33011 HIGH
7.5 Aug 05

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. Rated high severity (CVSS

CVE-2024-33010 HIGH
7.5 Aug 05

Transient DOS while parsing fragments of MBSSID IE from beacon frame. Rated high severity (CVSS 7.5), this vulnerability

CVE-2024-23353 HIGH
7.5 Aug 05

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. Rated high severity (CVSS

CVE-2024-23352 HIGH
7.5 Aug 05

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA. Rated high severity (CV

Share

CVE-2024-23369 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy