Memory Corruption Vulnerability in Qualcomm's FRS/UDS Protocols
CVE-2024-23369

7.8HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon 888\+ 5g Mobile Platform \(sm8350-ac\) Firmware
Vendor: CVE Published:; 7 October 2024

What is CVE-2024-23369?

A significant vulnerability exists within Qualcomm's FRS/UDS protocols, which arises when an invalid length is supplied from HLOS (High-Level Operating System) during request or response buffers. This memory corruption may impact the integrity and functionality of affected products, allowing unauthorized access or manipulation of data. It is imperative for users and administrators to assess the risk associated with this vulnerability and apply necessary mitigations as detailed in the security bulletin provided by Qualcomm.

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2024