Information Disclosure in Qualcomm's Firmware During Core Initialization
CVE-2024-38414

5.5MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 3 February 2025

Summary

This vulnerability involves an information disclosure issue that occurs during the processing of firmware images in Qualcomm's products. Specifically, it takes place during the core initialization phase, potentially exposing sensitive information that could be leveraged by malicious actors. Users of affected Qualcomm firmware versions should take necessary precautions to safeguard their systems and data.

Affected Version(s)

Snapdragon Snapdragon Auto FastConnect 6900

Snapdragon Snapdragon Auto FastConnect 7800

Snapdragon Snapdragon Auto QAM8295P

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jun 16, 2024