high
7.8
CWE
822 119
Advisory Published
Updated

CVE-2024-21455: Untrusted Pointer Dereference in DSP Service

First published: Mon Oct 07 2024(Updated: )

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
All of
Qualcomm Video Collaboration VC1 Platform Firmware
Qualcomm Video Collaboration VC1 Platform
All of
Qualcomm WSA8815 Firmware
Qualcomm WSA8815 Firmware
All of
Qualcomm WSA8810
Qualcomm WSA8810 Firmware
All of
Qualcomm Wcn3980
Qualcomm WCN3980
All of
Qualcomm WCN3950 Firmware
Qualcomm WCN3950 Firmware
All of
Qualcomm WCD9375
Qualcomm WCD9375 Firmware
All of
Qualcomm WCD9370 Firmware
Qualcomm WCD9370 Firmware
All of
Qualcomm Snapdragon Auto 5G-RF Gen 2 Firmware
Qualcomm Snapdragon Auto 5G Modem-RF
All of
Qualcomm Snapdragon 685 4G Mobile Platform (SM6225-AD) Firmware
Qualcomm Snapdragon 685 4G Mobile Platform (SM6225-AD)
All of
Qualcomm Snapdragon 680 4G Mobile Firmware
Qualcomm Snapdragon 680 4G Mobile Platform Firmware
All of
Qualcomm SG4150P
Qualcomm SG4150P Firmware
All of
Qualcomm SA8295P Firmware
Qualcomm SA8295P Firmware
All of
Qualcomm QCS6125 Firmware
Qualcomm QCS6125 Firmware
All of
Qualcomm QCM6125 Firmware
Qualcomm QCM6125 Firmware
All of
Qualcomm QCA6698AQ
Qualcomm QCA6698AQ Firmware
All of
Qualcomm QCA6696 Firmware
Qualcomm QCA6696 Firmware
All of
qualcomm qca6688aq firmware
Qualcomm QCA6688AQ
All of
Qualcomm QCA6595AU Firmware
Qualcomm QCA6595AU Firmware
All of
Qualcomm QCA6584AU Firmware
Qualcomm QCA6584AU firmware
All of
Qualcomm QAM8295P
Qualcomm QAM8295P

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-21455?

    CVE-2024-21455 has a high severity due to the potential for memory corruption.

  • How do I fix CVE-2024-21455?

    To fix CVE-2024-21455, it is recommended to update the affected Qualcomm firmware or the Android operating system to the latest version.

  • What systems are affected by CVE-2024-21455?

    CVE-2024-21455 affects various Qualcomm firmware versions used in devices that are also running Google Android.

  • What are the potential impacts of CVE-2024-21455?

    Potential impacts of CVE-2024-21455 include system crashes or unauthorized access due to memory corruption.

  • What is the nature of the vulnerability in CVE-2024-21455?

    The vulnerability in CVE-2024-21455 is related to memory corruption resulting from a compat IOCTL call followed by another IOCTL call from userspace to a driver.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203