CVE-2024-23358

Summary

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonAPQ8017affected
Qualcomm, Inc.SnapdragonAPQ8037affected
Qualcomm, Inc.SnapdragonAR8035affected
Qualcomm, Inc.SnapdragonFastConnect 7800affected
Qualcomm, Inc.SnapdragonMSM8108affected
Qualcomm, Inc.SnapdragonMSM8209affected
Qualcomm, Inc.SnapdragonMSM8608affected
Qualcomm, Inc.SnapdragonQCA6584AUaffected
Qualcomm, Inc.SnapdragonQCA6698AQaffected
Qualcomm, Inc.SnapdragonQCA8081affected
Qualcomm, Inc.SnapdragonQCA8337affected
Qualcomm, Inc.SnapdragonQCC710affected
Qualcomm, Inc.SnapdragonQCN6224affected
Qualcomm, Inc.SnapdragonQCN6274affected
Qualcomm, Inc.SnapdragonQFW7114affected
Qualcomm, Inc.SnapdragonQFW7124affected
Qualcomm, Inc.SnapdragonQualcomm 205 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSDM429Waffected
Qualcomm, Inc.SnapdragonSM8635affected
Qualcomm, Inc.SnapdragonSmart Audio 200 Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 208 Processoraffected
Qualcomm, Inc.SnapdragonSnapdragon 210 Processoraffected
Qualcomm, Inc.SnapdragonSnapdragon 212 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 425 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 429 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 430 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 439 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 8 Gen 3 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon Auto 5G Modem-RF Gen 2affected
Qualcomm, Inc.SnapdragonSnapdragon Wear 4100+ Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon X72 5G Modem-RF Systemaffected
Qualcomm, Inc.SnapdragonSnapdragon X75 5G Modem-RF Systemaffected
Qualcomm, Inc.SnapdragonWCD9326affected
Qualcomm, Inc.SnapdragonWCD9340affected
Qualcomm, Inc.SnapdragonWCD9370affected
Qualcomm, Inc.SnapdragonWCD9375affected
Qualcomm, Inc.SnapdragonWCD9390affected
Qualcomm, Inc.SnapdragonWCD9395affected
Qualcomm, Inc.SnapdragonWCN3610affected
Qualcomm, Inc.SnapdragonWCN3615affected
Qualcomm, Inc.SnapdragonWCN3620affected
Qualcomm, Inc.SnapdragonWCN3660Baffected
Qualcomm, Inc.SnapdragonWCN3680Baffected
Qualcomm, Inc.SnapdragonWCN3980affected
Qualcomm, Inc.SnapdragonWCN6755affected
Qualcomm, Inc.SnapdragonWSA8810affected
Qualcomm, Inc.SnapdragonWSA8815affected
Qualcomm, Inc.SnapdragonWSA8830affected
Qualcomm, Inc.SnapdragonWSA8832affected
Qualcomm, Inc.SnapdragonWSA8835affected
Qualcomm, Inc.SnapdragonWSA8840affected
Qualcomm, Inc.SnapdragonWSA8845affected
Qualcomm, Inc.SnapdragonWSA8845Haffected

Weaknesses

  • CWE-126: CWE-126 Buffer Over-read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References