Lucene search

[email protected]CVE-2024-21460

HistoryJul 01, 2024 - 3:15 p.m.

CVE-2024-21460

2024-07-0115:15:14

CWE-330

[email protected]

web.nvd.nist.gov

information disclosure

aslr

imem

secure ddr

virtual address space

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

Affected configurations

NVD

Node

qualcommfastconnect_6900_firmwareMatch-

AND

qualcommfastconnect_6900Match-

Node

qualcommfastconnect_7800_firmwareMatch-

AND

qualcommfastconnect_7800Match-

Node

qualcommqcm8550_firmwareMatch-

AND

qualcommqcm8550Match-

Node

qualcommqcs8550_firmwareMatch-

AND

qualcommqcs8550Match-

Node

qualcommsg8275p_firmwareMatch-

AND

qualcommsg8275pMatch-

Node

qualcommsm8550p_firmwareMatch-

AND

qualcommsm8550pMatch-

Node

qualcommsnapdragon_8_gen_2_mobile_platform_firmwareMatch-

AND

qualcommsnapdragon_8_gen_2_mobile_platformMatch-

Node

qualcommsnapdragon_8\+_gen_2_mobile_platform_firmwareMatch-

AND

qualcommsnapdragon_8\+_gen_2_mobile_platformMatch-

Node

qualcommwcd9380_firmwareMatch-

AND

qualcommwcd9380Match-

Node

qualcommwcd9385_firmwareMatch-

AND

qualcommwcd9385Match-

Node

qualcommwcd9390_firmwareMatch-

AND

qualcommwcd9390Match-

Node

qualcommwcd9395_firmwareMatch-

AND

qualcommwcd9395Match-

Node

qualcommwsa8840_firmwareMatch-

AND

qualcommwsa8840Match-

Node

qualcommwsa8845_firmwareMatch-

AND

qualcommwsa8845Match-

Node

qualcommwsa8845h_firmwareMatch-

AND

qualcommwsa8845hMatch-

CPENameOperatorVersion
qualcomm:fastconnect_6900_firmwarequalcomm fastconnect 6900 firmwareeq-

CPE	Name	Operator	Version
qualcomm:fastconnect_6900_firmware	qualcomm fastconnect 6900 firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Compute",
      "Snapdragon Consumer IOT",
      "Snapdragon Industrial IOT",
      "Snapdragon Mobile"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "FastConnect 6900"
      },
      {
        "status": "affected",
        "version": "FastConnect 7800"
      },
      {
        "status": "affected",
        "version": "QCM8550"
      },
      {
        "status": "affected",
        "version": "QCS8550"
      },
      {
        "status": "affected",
        "version": "SG8275P"
      },
      {
        "status": "affected",
        "version": "SM8550P"
      },
      {
        "status": "affected",
        "version": "Snapdragon 8 Gen 2 Mobile Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 8+ Gen 2 Mobile Platform"
      },
      {
        "status": "affected",
        "version": "WCD9380"
      },
      {
        "status": "affected",
        "version": "WCD9385"
      },
      {
        "status": "affected",
        "version": "WCD9390"
      },
      {
        "status": "affected",
        "version": "WCD9395"
      },
      {
        "status": "affected",
        "version": "WSA8840"
      },
      {
        "status": "affected",
        "version": "WSA8845"
      },
      {
        "status": "affected",
        "version": "WSA8845H"
      }
    ]
  }
]

References

docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-21460

nvd1 cvelist1 vulnrichment1