Vulnerability Description
Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Wsa8845H Firmware | - |
| Qualcomm | Wsa8845H | - |
| Qualcomm | Wsa8845 Firmware | - |
| Qualcomm | Wsa8845 | - |
| Qualcomm | Wsa8840 Firmware | - |
| Qualcomm | Wsa8840 | - |
| Qualcomm | Wcd9395 Firmware | - |
| Qualcomm | Wcd9395 | - |
| Qualcomm | Wcd9390 Firmware | - |
| Qualcomm | Wcd9390 | - |
| Qualcomm | Wcd9340 Firmware | - |
| Qualcomm | Wcd9340 | - |
| Qualcomm | Snapdragon X75 5G Modem-Rf System Firmware | - |
| Qualcomm | Snapdragon X75 5G Modem-Rf System | - |
| Qualcomm | Snapdragon X72 5G Modem-Rf System Firmware | - |
| Qualcomm | Snapdragon X72 5G Modem-Rf System | - |
| Qualcomm | Snapdragon X35 5G Modem-Rf System Firmware | - |
| Qualcomm | Snapdragon X35 5G Modem-Rf System | - |
| Qualcomm | Snapdragon Auto 5G Modem-Rf Gen 2 Firmware | - |
| Qualcomm | Snapdragon Auto 5G Modem-Rf Gen 2 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-23350?
CVE-2024-23350 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message...
How severe is CVE-2024-23350?
CVE-2024-23350 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23350?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Wsa8845H Firmware, Qualcomm Wsa8845H, Qualcomm Wsa8845 Firmware, Qualcomm Wsa8845, Qualcomm Wsa8840 Firmware.