CVE-2024-38411

CVE-2024-38411 is a memory corruption vulnerability classified under CWE-416 (Use After Free), occurring during the registration of a buffer from user-space to kernel-space via IOCTL calls. It affects components in Qualcomm products, as documented in their February 2025 security bulletin. The vulnerability carries a CVSS v3.1 base score of 6.6 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L), indicating local access is required with high confidentiality impact potential.

A local attacker with low privileges can exploit this issue through crafted IOCTL calls, requiring low attack complexity and no user interaction. Exploitation triggers memory corruption, enabling unauthorized access to sensitive data (high confidentiality impact), limited integrity modifications, and minor availability disruptions, all within the unchanged security scope.

Qualcomm has addressed this vulnerability in their February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, which provides details on affected products and recommended mitigations or patches.