Cyber Posture

CVE-2024-38413

Medium

Published: 03 February 2025

Modified: 05 February 2025
KEV Added
Patch
CVSS Score: 6.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)
EPSS Score: 0.0010 (27.8th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

Memory corruption while processing frame packets.

Security Summary

CVE-2024-38413 is a memory corruption vulnerability that occurs while processing frame packets in Qualcomm components. It is linked to CWE-20 (Improper Input Validation) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 6.6 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L). The vulnerability was published on 2025-02-03.

An attacker with local access (AV:L) and low privileges (PR:L) can exploit this issue with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation has limited impact on confidentiality (C:L), high impact on integrity (I:H), and limited impact on availability (A:L), with the security scope unchanged (S:U).

Qualcomm's February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, details affected products and mitigation guidance, including patches where applicable.

Details

CWE(s)
CWE-20, CWE-787

Affected Products

qualcomm: fastconnect 7800 firmware, all versions
qualcomm: snapdragon 8 gen 3 mobile firmware, all versions
qualcomm: wcd9390 firmware, all versions
qualcomm: wcd9395 firmware, all versions
qualcomm: wsa8840 firmware, all versions
qualcomm: wsa8845 firmware, all versions
qualcomm: wsa8845h firmware, all versions

References