CVE-2024-21455

Summary

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonQAM8295Paffected
Qualcomm, Inc.SnapdragonQCA6584AUaffected
Qualcomm, Inc.SnapdragonQCA6595affected
Qualcomm, Inc.SnapdragonQCA6688AQaffected
Qualcomm, Inc.SnapdragonQCA6696affected
Qualcomm, Inc.SnapdragonQCA6698AQaffected
Qualcomm, Inc.SnapdragonQCM6125affected
Qualcomm, Inc.SnapdragonQCS6125affected
Qualcomm, Inc.SnapdragonQualcomm Video Collaboration VC1 Platformaffected
Qualcomm, Inc.SnapdragonSA8295Paffected
Qualcomm, Inc.SnapdragonSG4150Paffected
Qualcomm, Inc.SnapdragonSnapdragon 680 4G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 685 4G Mobile Platform (SM6225-AD)affected
Qualcomm, Inc.SnapdragonSnapdragon Auto 5G Modem-RF Gen 2affected
Qualcomm, Inc.SnapdragonWCD9370affected
Qualcomm, Inc.SnapdragonWCD9375affected
Qualcomm, Inc.SnapdragonWCN3950affected
Qualcomm, Inc.SnapdragonWCN3980affected
Qualcomm, Inc.SnapdragonWSA8810affected
Qualcomm, Inc.SnapdragonWSA8815affected

Weaknesses

  • CWE-822: CWE-822 Untrusted Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References