CVE-2024-21460

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcm8550:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sg8275p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*

History

02 Jul 2024, 17:56

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 6.5
CWE		CWE-330
First Time		Qualcomm wcd9380 Firmware Qualcomm sg8275p Firmware Qualcomm wcd9395 Firmware Qualcomm wcd9385 Qualcomm qcs8550 Firmware Qualcomm Qualcomm wcd9380 Qualcomm qcm8550 Firmware Qualcomm wsa8845 Firmware Qualcomm wsa8845 Qualcomm wsa8845h Firmware Qualcomm wcd9395 Qualcomm wcd9390 Firmware Qualcomm snapdragon 8\+ Gen 2 Mobile Platform Qualcomm sg8275p Qualcomm fastconnect 6900 Qualcomm wcd9390 Qualcomm qcs8550 Qualcomm wsa8840 Qualcomm fastconnect 7800 Firmware Qualcomm snapdragon 8\+ Gen 2 Mobile Platform Firmware Qualcomm fastconnect 7800 Qualcomm snapdragon 8 Gen 2 Mobile Platform Firmware Qualcomm sm8550p Qualcomm sm8550p Firmware Qualcomm snapdragon 8 Gen 2 Mobile Platform Qualcomm wsa8840 Firmware Qualcomm fastconnect 6900 Firmware Qualcomm wcd9385 Firmware Qualcomm wsa8845h Qualcomm qcm8550
References	~~() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html -~~	() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html - Vendor Advisory
CPE		cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:::::::* cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::* cpe:2.3:o:qualcomm:qcs8550_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9395:-:::::::* cpe:2.3:h:qualcomm:qcs8550:-:::::::* cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8840:-:::::::* cpe:2.3:h:qualcomm:fastconnect_6900:-:::::::* cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:::::::* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9385:-:::::::* cpe:2.3:h:qualcomm:sm8550p:-:::::::* cpe:2.3:h:qualcomm:qcm8550:-:::::::* cpe:2.3:o:qualcomm:qcm8550_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8845_firmware:-:::::::* cpe:2.3:h:qualcomm:fastconnect_7800:-:::::::* cpe:2.3:h:qualcomm:wcd9390:-:::::::* cpe:2.3:o:qualcomm:sg8275p_firmware:-:::::::* cpe:2.3:h:qualcomm:sg8275p:-:::::::* cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:::::::* cpe:2.3:o:qualcomm:sm8550p_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8845h:-:::::::* cpe:2.3:o:qualcomm:wsa8845h_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8845:-:::::::* cpe:2.3:o:qualcomm:wcd9395_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8840_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:o:qualcomm:wcd9390_firmware:-:::::::*

01 Jul 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 15:15

Updated : 2024-07-02 17:56

NVD link : CVE-2024-21460

Mitre link : CVE-2024-21460

JSON object : View

Products Affected

qualcomm

qcs8550
wcd9385
wsa8845
wcd9380_firmware
snapdragon_8\+_gen_2_mobile_platform
wcd9390_firmware
fastconnect_7800_firmware
wsa8840_firmware
fastconnect_6900_firmware
wsa8845h_firmware
wsa8840
sm8550p_firmware
qcs8550_firmware
wsa8845h
wcd9385_firmware
sg8275p_firmware
qcm8550
snapdragon_8\+_gen_2_mobile_platform_firmware
sg8275p
snapdragon_8_gen_2_mobile_platform_firmware
wsa8845_firmware
wcd9390
snapdragon_8_gen_2_mobile_platform
fastconnect_6900
wcd9395
qcm8550_firmware
wcd9395_firmware
fastconnect_7800
wcd9380
sm8550p

CWE

CWE-330

Use of Insufficiently Random Values

6.5 /10