CVE-2024-21460

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

nformation disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

References

Link	Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html	Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcm8550:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sg8275p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:54

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.1
References	~~() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html - Vendor Advisory~~	() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html - Vendor Advisory

02 Jul 2024, 17:56

Type	Values Removed	Values Added
CPE		cpe:2.3:h:qualcomm:sm8550p:-:::::::* cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::* cpe:2.3:h:qualcomm:fastconnect_7800:-:::::::* cpe:2.3:o:qualcomm:wcd9395_firmware:-:::::::* cpe:2.3:h:qualcomm:qcs8550:-:::::::* cpe:2.3:o:qualcomm:wsa8840_firmware:-:::::::* cpe:2.3:h:qualcomm:qcm8550:-:::::::* cpe:2.3:h:qualcomm:wsa8840:-:::::::* cpe:2.3:h:qualcomm:wsa8845h:-:::::::* cpe:2.3:h:qualcomm:wcd9385:-:::::::* cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:::::::* cpe:2.3:h:qualcomm:fastconnect_6900:-:::::::* cpe:2.3:h:qualcomm:sg8275p:-:::::::* cpe:2.3:o:qualcomm:wsa8845_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9390:-:::::::* cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:o:qualcomm:qcs8550_firmware:-:::::::* cpe:2.3:o:qualcomm:sg8275p_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9395:-:::::::* cpe:2.3:o:qualcomm:sm8550p_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:::::::* cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:::::::* cpe:2.3:o:qualcomm:wsa8845h_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9390_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8845:-:::::::* cpe:2.3:o:qualcomm:qcm8550_firmware:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 6.5
Summary		(es) Divulgación de información cuando ASLR reubica las partes IMEM y DDR segura como un solo fragmento en el espacio de direcciones virtuales.
First Time		Qualcomm snapdragon 8\+ Gen 2 Mobile Platform Firmware Qualcomm sg8275p Qualcomm wsa8845h Qualcomm fastconnect 6900 Qualcomm wsa8840 Firmware Qualcomm wcd9385 Firmware Qualcomm sg8275p Firmware Qualcomm wsa8840 Qualcomm wsa8845h Firmware Qualcomm qcs8550 Qualcomm wcd9390 Firmware Qualcomm Qualcomm fastconnect 7800 Qualcomm wcd9395 Qualcomm fastconnect 6900 Firmware Qualcomm wcd9380 Firmware Qualcomm qcs8550 Firmware Qualcomm wcd9395 Firmware Qualcomm qcm8550 Firmware Qualcomm snapdragon 8 Gen 2 Mobile Platform Firmware Qualcomm wsa8845 Firmware Qualcomm wcd9385 Qualcomm wcd9380 Qualcomm snapdragon 8\+ Gen 2 Mobile Platform Qualcomm wsa8845 Qualcomm snapdragon 8 Gen 2 Mobile Platform Qualcomm fastconnect 7800 Firmware Qualcomm sm8550p Qualcomm wcd9390 Qualcomm sm8550p Firmware Qualcomm qcm8550
References	~~() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html -~~	() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html - Vendor Advisory

01 Jul 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 15:15

Updated : 2024-11-21 08:54

NVD link : CVE-2024-21460

Mitre link : CVE-2024-21460

CVE.ORG link : CVE-2024-21460

JSON object : View

Products Affected

qualcomm

CWE

CWE-330

Use of Insufficiently Random Values

7.1 /10