Srv1m Firmware
CVE-2024-23378
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (qualcomm) · only source for this CVE.
CVSS VectorVendor: qualcomm
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.
AnalysisAI
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. Affected products include: Qualcomm Srv1M Firmware, Qualcomm Srv1H Firmware, Qualcomm Snapdragon Auto 5G Modem-Rf Gen 2 Firmware, Qualcomm Sa9000P Firmware, Qualcomm Sa8775P Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
More in Srv1m Firmware
View allA Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo
Memory corruption while playing audio file having large-sized input buffer. Rated critical severity (CVSS 9.8), this vul
Memory corruption while processing Codec2 during v13k decoder pitch synthesis. Rated critical severity (CVSS 9.8), this
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critic
Information Disclosure while parsing beacon frame in STA. Rated critical severity (CVSS 9.1), this vulnerability is remo
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
Memory corruption while releasing shared resources in MinkSocket listener thread. Rated high severity (CVSS 8.4), this v
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. Rated high severity (CVSS
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. Rated high severity (
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today