CVE-2024-21455 — HIGH (7.8)

Vulnerability Description

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Video Collaboration Vc1 Platform Firmware	-
Qualcomm	Video Collaboration Vc1 Platform	-
Qualcomm	Wsa8815 Firmware	-
Qualcomm	Wsa8815	-
Qualcomm	Wsa8810 Firmware	-
Qualcomm	Wsa8810	-
Qualcomm	Wcn3980 Firmware	-
Qualcomm	Wcn3980	-
Qualcomm	Wcn3950 Firmware	-
Qualcomm	Wcn3950	-
Qualcomm	Wcd9375 Firmware	-
Qualcomm	Wcd9375	-
Qualcomm	Wcd9370 Firmware	-
Qualcomm	Wcd9370	-
Qualcomm	Snapdragon Auto 5G Modem-Rf Gen 2 Firmware	-
Qualcomm	Snapdragon Auto 5G Modem-Rf Gen 2	-
Qualcomm	Snapdragon 685 4G Mobile Platform \(Sm6225-Ad\) Firmware	-
Qualcomm	Snapdragon 685 4G Mobile Platform \(Sm6225-Ad\)	-
Qualcomm	Snapdragon 680 4G Mobile Platform Firmware	-
Qualcomm	Snapdragon 680 4G Mobile Platform	-

Related Weaknesses (CWE)

CWE-119 CWE-822

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-Vendor Advisory

FAQ

What is CVE-2024-21455?

CVE-2024-21455 is a vulnerability with a CVSS score of 7.8 (HIGH). Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

How severe is CVE-2024-21455?

CVE-2024-21455 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21455?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Video Collaboration Vc1 Platform Firmware, Qualcomm Video Collaboration Vc1 Platform, Qualcomm Wsa8815 Firmware, Qualcomm Wsa8815, Qualcomm Wsa8810 Firmware.