CVE-2024-21455: Untrusted Pointer Dereference in DSP Service

First published: Mon Oct 07 2024(Updated: )

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
All of
Qualcomm Qualcomm Video Collaboration Vc1 Platform Firmware
Qualcomm Qualcomm Video Collaboration Vc1 Platform
All of
Qualcomm Wsa8815 Firmware
Qualcomm Wsa8815
All of
Qualcomm Wsa8810 Firmware
Qualcomm Wsa8810
All of
Qualcomm Wcn3980 Firmware
Qualcomm Wcn3980
All of
Qualcomm Wcn3950 Firmware
Qualcomm Wcn3950
All of
Qualcomm Wcd9375 Firmware
Qualcomm Wcd9375
All of
Qualcomm Wcd9370 Firmware
Qualcomm Wcd9370
All of
Qualcomm Snapdragon Auto 5g Modem-rf Gen 2 Firmware
Qualcomm Snapdragon Auto 5g Modem-rf Gen 2
All of
Qualcomm Snapdragon 685 4g Mobile Platform \(sm6225-ad\) Firmware
Qualcomm Snapdragon 685 4g Mobile Platform \(sm6225-ad\)
All of
Qualcomm Snapdragon 680 4g Mobile Platform Firmware
Qualcomm Snapdragon 680 4g Mobile Platform
All of
Qualcomm Sg4150p Firmware
Qualcomm Sg4150p
All of
Qualcomm Sa8295p Firmware
Qualcomm Sa8295p
All of
Qualcomm Qcs6125 Firmware
Qualcomm Qcs6125
All of
Qualcomm Qcm6125 Firmware
Qualcomm Qcm6125
All of
Qualcomm Qca6698aq Firmware
Qualcomm Qca6698aq
All of
Qualcomm Qca6696 Firmware
Qualcomm Qca6696
All of
Qualcomm Qca6688aq Firmware
Qualcomm Qca6688aq
All of
Qualcomm Qca6595 Firmware
Qualcomm Qca6595
All of
Qualcomm Qca6584au Firmware
Qualcomm Qca6584au
All of
Qualcomm Qam8295p Firmware
Qualcomm Qam8295p

Never miss a vulnerability like this again

Reference Links

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

agent/references
agent/title
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/weakness
agent/last-modified-date
agent/softwarecombine
agent/tags
vendor/qualcomm
canonical/qualcomm qualcomm video collaboration vc1 platform firmware
canonical/qualcomm qualcomm video collaboration vc1 platform
canonical/qualcomm wsa8815 firmware
canonical/qualcomm wsa8815
canonical/qualcomm wsa8810 firmware
canonical/qualcomm wsa8810
canonical/qualcomm wcn3980 firmware
canonical/qualcomm wcn3980
canonical/qualcomm wcn3950 firmware
canonical/qualcomm wcn3950
canonical/qualcomm wcd9375 firmware
canonical/qualcomm wcd9375
canonical/qualcomm wcd9370 firmware
canonical/qualcomm wcd9370
canonical/qualcomm snapdragon auto 5g modem-rf gen 2 firmware
canonical/qualcomm snapdragon auto 5g modem-rf gen 2
canonical/qualcomm snapdragon 685 4g mobile platform \(sm6225-ad\) firmware
canonical/qualcomm snapdragon 685 4g mobile platform \(sm6225-ad\)
canonical/qualcomm snapdragon 680 4g mobile platform firmware
canonical/qualcomm snapdragon 680 4g mobile platform
canonical/qualcomm sg4150p firmware
canonical/qualcomm sg4150p
canonical/qualcomm sa8295p firmware
canonical/qualcomm sa8295p
canonical/qualcomm qcs6125 firmware
canonical/qualcomm qcs6125
canonical/qualcomm qcm6125 firmware
canonical/qualcomm qcm6125
canonical/qualcomm qca6698aq firmware
canonical/qualcomm qca6698aq
canonical/qualcomm qca6696 firmware
canonical/qualcomm qca6696
canonical/qualcomm qca6688aq firmware
canonical/qualcomm qca6688aq
canonical/qualcomm qca6595 firmware
canonical/qualcomm qca6595
canonical/qualcomm qca6584au firmware
canonical/qualcomm qca6584au
canonical/qualcomm qam8295p firmware
canonical/qualcomm qam8295p

CVE-2024-21455: Untrusted Pointer Dereference in DSP Service

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact