1. Home
  2. CVE Database
  3. CVE-2024-23370
MEDIUM · 6.7

CVE-2024-23370

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.

Vulnerability Description

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommWsa8835 Firmware-
QualcommWsa8835-
QualcommWsa8830 Firmware-
QualcommWsa8830-
QualcommWcn3988 Firmware-
QualcommWcn3988-
QualcommWcn3980 Firmware-
QualcommWcn3980-
QualcommSw5100P Firmware-
QualcommSw5100P-
QualcommSw5100 Firmware-
QualcommSw5100-
QualcommSnapdragon Auto 5G Modem-Rf Gen 2 Firmware-
QualcommSnapdragon Auto 5G Modem-Rf Gen 2-
QualcommQca9377 Firmware-
QualcommQca9377-
QualcommQca9367 Firmware-
QualcommQca9367-
QualcommQca6698Aq Firmware-
QualcommQca6698Aq-

Related Weaknesses (CWE)

CWE-416

References

FAQ

What is CVE-2024-23370?

CVE-2024-23370 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same.

How severe is CVE-2024-23370?

CVE-2024-23370 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-23370?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Wsa8835 Firmware, Qualcomm Wsa8835, Qualcomm Wsa8830 Firmware, Qualcomm Wsa8830, Qualcomm Wcn3988 Firmware.