CVE-2024-21455: Untrusted Pointer Dereference in DSP Service
First published: Mon Oct 07 2024(Updated: )
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| qualcomm qualcomm video collaboration vc1 platform firmware | ||
| qualcomm qualcomm video collaboration vc1 platform | ||
| All of | ||
| qualcomm wsa8815 firmware | ||
| qualcomm wsa8815 | ||
| All of | ||
| qualcomm wsa8810 firmware | ||
| qualcomm wsa8810 | ||
| All of | ||
| qualcomm wcn3980 firmware | ||
| Qualcomm Wcn3980 | ||
| All of | ||
| Qualcomm WCN3950 Firmware | ||
| qualcomm wcn3950 | ||
| All of | ||
| Qualcomm wcd9375 firmware | ||
| Qualcomm wcd9375 | ||
| All of | ||
| Qualcomm wcd9370 firmware | ||
| Qualcomm wcd9370 | ||
| All of | ||
| Qualcomm Snapdragon Auto 5G-RF Gen 2 Firmware | ||
| qualcomm snapdragon auto 5g modem-rf gen 2 | ||
| All of | ||
| qualcomm snapdragon 685 4g mobile platform \(sm6225-ad\) firmware | ||
| qualcomm snapdragon 685 4g mobile platform \(sm6225-ad\) | ||
| All of | ||
| qualcomm snapdragon 680 4g mobile platform Firmware | ||
| qualcomm snapdragon 680 4g mobile platform | ||
| All of | ||
| qualcomm sg4150p Firmware | ||
| qualcomm sg4150p | ||
| All of | ||
| qualcomm sa8295p firmware | ||
| qualcomm sa8295p | ||
| All of | ||
| Qualcomm qcs6125 firmware | ||
| Qualcomm qcs6125 | ||
| All of | ||
| Qualcomm qcm6125 firmware | ||
| Qualcomm qcm6125 | ||
| All of | ||
| qualcomm qca6698aq firmware | ||
| qualcomm qca6698aq | ||
| All of | ||
| qualcomm qca6696 firmware | ||
| qualcomm qca6696 | ||
| All of | ||
| qualcomm qca6688aq firmware | ||
| qualcomm qca6688aq | ||
| All of | ||
| qualcomm qca6595 firmware | ||
| qualcomm qca6595 | ||
| All of | ||
| qualcomm QCA6584AU firmware | ||
| qualcomm QCA6584AU | ||
| All of | ||
| qualcomm qam8295p firmware | ||
| qualcomm qam8295p | ||
| Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
- https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/c60ac212aabd299304dfbb54b1fc18c59247d9ae
- https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/7d25f65272719dc0b98ea56fde751d0336098879
- https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/19bc7b129f968abc3c72066c05266f74a1b90b9b
- https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/1145bbef0185405f8aeb8cf46353a7b9fb93b1c1
- https://source.android.com/docs/security/bulletin/2024-11-01 (Advisory)
- https://www.bleepingcomputer.com/news/security/new-android-novispy-spyware-linked-to-qualcomm-zero-day-bugs/
Frequently Asked Questions
What is the severity of CVE-2024-21455?
CVE-2024-21455 has a high severity due to the potential for memory corruption.
How do I fix CVE-2024-21455?
To fix CVE-2024-21455, it is recommended to update the affected Qualcomm firmware or the Android operating system to the latest version.
What systems are affected by CVE-2024-21455?
CVE-2024-21455 affects various Qualcomm firmware versions used in devices that are also running Google Android.
What are the potential impacts of CVE-2024-21455?
Potential impacts of CVE-2024-21455 include system crashes or unauthorized access due to memory corruption.
What is the nature of the vulnerability in CVE-2024-21455?
The vulnerability in CVE-2024-21455 is related to memory corruption resulting from a compat IOCTL call followed by another IOCTL call from userspace to a driver.
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/trending
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-43047
- alias/CVE-2024-49848
- alias/CVE-2024-21455
- alias/CVE-2024-33060
- agent/event
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/android-source
- source/Android
- vendor/qualcomm
- canonical/qualcomm qualcomm video collaboration vc1 platform firmware
- canonical/qualcomm qualcomm video collaboration vc1 platform
- canonical/qualcomm wsa8815 firmware
- canonical/qualcomm wsa8815
- canonical/qualcomm wsa8810 firmware
- canonical/qualcomm wsa8810
- canonical/qualcomm wcn3980 firmware
- canonical/qualcomm wcn3980
- canonical/qualcomm wcn3950 firmware
- canonical/qualcomm wcn3950
- canonical/qualcomm wcd9375 firmware
- canonical/qualcomm wcd9375
- canonical/qualcomm wcd9370 firmware
- canonical/qualcomm wcd9370
- canonical/qualcomm snapdragon auto 5g-rf gen 2 firmware
- canonical/qualcomm snapdragon auto 5g modem-rf gen 2
- canonical/qualcomm snapdragon 685 4g mobile platform \(sm6225-ad\) firmware
- canonical/qualcomm snapdragon 685 4g mobile platform \(sm6225-ad\)
- canonical/qualcomm snapdragon 680 4g mobile platform firmware
- canonical/qualcomm snapdragon 680 4g mobile platform
- canonical/qualcomm sg4150p firmware
- canonical/qualcomm sg4150p
- canonical/qualcomm sa8295p firmware
- canonical/qualcomm sa8295p
- canonical/qualcomm qcs6125 firmware
- canonical/qualcomm qcs6125
- canonical/qualcomm qcm6125 firmware
- canonical/qualcomm qcm6125
- canonical/qualcomm qca6698aq firmware
- canonical/qualcomm qca6698aq
- canonical/qualcomm qca6696 firmware
- canonical/qualcomm qca6696
- canonical/qualcomm qca6688aq firmware
- canonical/qualcomm qca6688aq
- canonical/qualcomm qca6595 firmware
- canonical/qualcomm qca6595
- canonical/qualcomm qca6584au firmware
- canonical/qualcomm qca6584au
- canonical/qualcomm qam8295p firmware
- canonical/qualcomm qam8295p
- vendor/google
- canonical/android