CVE-2024-38418

CVE-2024-38418 is a memory corruption vulnerability that occurs while parsing memory map information in IOCTL calls. It is associated with CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) and affects Qualcomm products, as documented in their security bulletin. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A local attacker with low privileges can exploit this vulnerability through low-complexity attacks requiring no user interaction. Exploitation could grant high-level impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data tampering, or system denial of service within the affected component.

Qualcomm's February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, provides details on affected products and mitigation measures, including patches where applicable. The bulletin was referenced in the CVE publication on 2025-02-03.