1. Home
  2. CVE Database
  3. CVE-2024-38410
HIGH · 7.8

CVE-2024-38410

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

Vulnerability Description

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommWsa8845H Firmware-
QualcommWsa8845H-
QualcommWsa8845 Firmware-
QualcommWsa8845-
QualcommWsa8840 Firmware-
QualcommWsa8840-
QualcommWsa8835 Firmware-
QualcommWsa8835-
QualcommWsa8830 Firmware-
QualcommWsa8830-
QualcommWcn3660B Firmware-
QualcommWcn3660B-
QualcommWcn3620 Firmware-
QualcommWcn3620-
QualcommWcd9385 Firmware-
QualcommWcd9385-
QualcommWcd9380 Firmware-
QualcommWcd9380-
QualcommWcd9375 Firmware-
QualcommWcd9375-

Related Weaknesses (CWE)

CWE-121CWE-787

References

FAQ

What is CVE-2024-38410?

CVE-2024-38410 is a vulnerability with a CVSS score of 7.8 (HIGH). Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

How severe is CVE-2024-38410?

CVE-2024-38410 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-38410?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Wsa8845H Firmware, Qualcomm Wsa8845H, Qualcomm Wsa8845 Firmware, Qualcomm Wsa8845, Qualcomm Wsa8840 Firmware.