CVE-2024-38425

Summary

Information disclosure while sending implicit broadcast containing APP launch information.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonFastConnect 6900affected
Qualcomm, Inc.SnapdragonFastConnect 7800affected
Qualcomm, Inc.SnapdragonSM7435affected
Qualcomm, Inc.SnapdragonSM8635affected
Qualcomm, Inc.SnapdragonSM8750affected
Qualcomm, Inc.SnapdragonSnapdragon 4 Gen 1 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 4 Gen 2 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 480 5G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 480+ 5G Mobile Platform (SM4350-AC)affected
Qualcomm, Inc.SnapdragonSnapdragon 6 Gen 1 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 662 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 680 4G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 685 4G Mobile Platform (SM6225-AD)affected
Qualcomm, Inc.SnapdragonSnapdragon 695 5G Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 7 Gen 1 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 7+ Gen 2 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 8 Gen 1 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 8 Gen 2 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 8 Gen 3 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 8+ Gen 1 Mobile Platformaffected
Qualcomm, Inc.SnapdragonSnapdragon 8+ Gen 2 Mobile Platformaffected
Qualcomm, Inc.SnapdragonWCD9380affected
Qualcomm, Inc.SnapdragonWSA8830affected
Qualcomm, Inc.SnapdragonWSA8835affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References