CVE-2024-21460

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:qcm8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcm8550:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sg8275p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*

History

02 Jul 2024, 17:56

Type	Values Removed	Values Added
CPE		cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8845h:-:::::::* cpe:2.3:o:qualcomm:qcm8550_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9395_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8845h_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9390:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9385:-:::::::* cpe:2.3:h:qualcomm:fastconnect_7800:-:::::::* cpe:2.3:h:qualcomm:qcm8550:-:::::::* cpe:2.3:h:qualcomm:wcd9395:-:::::::* cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8845_firmware:-:::::::* cpe:2.3:o:qualcomm:qcs8550_firmware:-:::::::* cpe:2.3:h:qualcomm:sg8275p:-:::::::* cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:::::::* cpe:2.3:h:qualcomm:sm8550p:-:::::::* cpe:2.3:o:qualcomm:wsa8840_firmware:-:::::::* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::* cpe:2.3:h:qualcomm:fastconnect_6900:-:::::::* cpe:2.3:o:qualcomm:sm8550p_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8845:-:::::::* cpe:2.3:h:qualcomm:qcs8550:-:::::::* cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:::::::* cpe:2.3:o:qualcomm:sg8275p_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9390_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8840:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::*
First Time		Qualcomm snapdragon 8 Gen 2 Mobile Platform Firmware Qualcomm qcm8550 Firmware Qualcomm wsa8840 Qualcomm qcs8550 Qualcomm sg8275p Firmware Qualcomm Qualcomm wsa8840 Firmware Qualcomm fastconnect 6900 Qualcomm fastconnect 7800 Firmware Qualcomm qcs8550 Firmware Qualcomm wsa8845 Firmware Qualcomm wcd9390 Firmware Qualcomm wcd9380 Firmware Qualcomm wcd9385 Firmware Qualcomm wsa8845 Qualcomm wcd9380 Qualcomm snapdragon 8\+ Gen 2 Mobile Platform Qualcomm qcm8550 Qualcomm wcd9395 Qualcomm wsa8845h Qualcomm sm8550p Qualcomm wsa8845h Firmware Qualcomm wcd9385 Qualcomm snapdragon 8\+ Gen 2 Mobile Platform Firmware Qualcomm wcd9395 Firmware Qualcomm wcd9390 Qualcomm fastconnect 7800 Qualcomm sm8550p Firmware Qualcomm sg8275p Qualcomm snapdragon 8 Gen 2 Mobile Platform Qualcomm fastconnect 6900 Firmware
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 6.5
Summary		(es) Divulgación de información cuando ASLR reubica las partes IMEM y DDR segura como un solo fragmento en el espacio de direcciones virtuales.
References	~~() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html -~~	() https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html - Vendor Advisory

01 Jul 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 15:15

Updated : 2024-07-02 17:56

NVD link : CVE-2024-21460

Mitre link : CVE-2024-21460

CVE.ORG link : CVE-2024-21460

JSON object : View

Products Affected

qualcomm

wsa8840_firmware
wcd9390_firmware
snapdragon_8\+_gen_2_mobile_platform_firmware
sm8550p
qcs8550_firmware
fastconnect_7800
wcd9390
fastconnect_6900
wsa8845_firmware
snapdragon_8_gen_2_mobile_platform_firmware
qcm8550_firmware
wcd9380_firmware
sg8275p
snapdragon_8_gen_2_mobile_platform
wsa8845h_firmware
wsa8845h
fastconnect_7800_firmware
wcd9395_firmware
wcd9385_firmware
sg8275p_firmware
wcd9380
snapdragon_8\+_gen_2_mobile_platform
qcs8550
wsa8840
fastconnect_6900_firmware
sm8550p_firmware
wcd9395
wsa8845
wcd9385
qcm8550

CWE

CWE-330

Use of Insufficiently Random Values

6.5 /10