User-space Memory Corruption via IOCTL Command Modification

CVE-2024-23377

6.7MEDIUM

Key Information

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 4 November 2024

Summary

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

Affected Version(s)

Snapdragon = FastConnect 6900

Snapdragon = FastConnect 7800

Snapdragon = QCA6391

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 4, 2024
Vulnerability Reserved.
Jan 16, 2024

Collectors

NVD DatabaseMitre Database