CVE-2024-21453: Improper Input Validation in Automotive Telematics
First published: Mon Apr 01 2024(Updated: )
Transient DOS while decoding message of size that exceeds the available system memory.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Qualcomm C-V2X 9150 | ||
| Qualcomm C-V2X 9150 Firmware | ||
| All of | ||
| Qualcomm QCS410 Firmware | ||
| Qualcomm QCS410 Firmware | ||
| All of | ||
| Qualcomm QCS610 Firmware | ||
| Qualcomm QCS610 Firmware | ||
| All of | ||
| Qualcomm Video Collaboration VC1 Platform Firmware | ||
| Qualcomm Video Collaboration VC1 Platform | ||
| All of | ||
| Qualcomm Video Collaboration VC3 Platform Firmware | ||
| Qualcomm Video Collaboration VC3 Platform | ||
| All of | ||
| Qualcomm Auto 5G Modem-RF Firmware | ||
| Qualcomm Auto 5G Modem-RF Firmware | ||
| All of | ||
| Qualcomm Snapdragon Auto 4G Modem | ||
| Qualcomm Snapdragon Auto 4G Modem Firmware | ||
| All of | ||
| Qualcomm WCD9341 | ||
| Qualcomm WCD9341 Firmware | ||
| All of | ||
| Qualcomm WCD9370 Firmware | ||
| Qualcomm WCD9370 Firmware | ||
| All of | ||
| Qualcomm WCN3950 Firmware | ||
| Qualcomm WCN3950 Firmware | ||
| All of | ||
| Qualcomm Wcn3980 | ||
| Qualcomm WCN3980 | ||
| All of | ||
| Qualcomm WSA8810 | ||
| Qualcomm WSA8810 Firmware | ||
| All of | ||
| Qualcomm WSA8815 Firmware | ||
| Qualcomm WSA8815 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-21453?
CVE-2024-21453 has been classified as a transient Denial of Service (DoS) vulnerability.
How do I fix CVE-2024-21453?
To mitigate CVE-2024-21453, apply the latest firmware updates provided by Qualcomm.
Which devices are affected by CVE-2024-21453?
CVE-2024-21453 affects various Qualcomm firmware including c-v2x 9150, QCS410, QCS610, and others.
What type of attack does CVE-2024-21453 facilitate?
CVE-2024-21453 facilitates a DoS attack by decoding messages that exceed the available system memory.
Is CVE-2024-21453 a requirements issue?
No, CVE-2024-21453 is related to handling memory allocation when processing messages, not a requirements issue.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/qualcomm
- canonical/qualcomm c-v2x 9150
- canonical/qualcomm c-v2x 9150 firmware
- canonical/qualcomm qcs410 firmware
- canonical/qualcomm qcs610 firmware
- canonical/qualcomm video collaboration vc1 platform firmware
- canonical/qualcomm video collaboration vc1 platform
- canonical/qualcomm video collaboration vc3 platform firmware
- canonical/qualcomm video collaboration vc3 platform
- canonical/qualcomm auto 5g modem-rf firmware
- canonical/qualcomm snapdragon auto 4g modem
- canonical/qualcomm snapdragon auto 4g modem firmware
- canonical/qualcomm wcd9341
- canonical/qualcomm wcd9341 firmware
- canonical/qualcomm wcd9370 firmware
- canonical/qualcomm wcn3950 firmware
- canonical/qualcomm wcn3980
- canonical/qualcomm wsa8810
- canonical/qualcomm wsa8810 firmware
- canonical/qualcomm wsa8815 firmware