high
8.4
CWE
120
Advisory Published
CVE Published
Updated

CVE-2024-21464: Buffer Copy Without Checking Size of Input in Data Network Stack & Connectivity

First published: Mon Jan 06 2025(Updated: )

Memory corruption while processing IPA statistics, when there are no active clients registered.

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
Android
All of
Qualcomm FastConnect 6700 Firmware
Qualcomm Fastconnect 6700
All of
Qualcomm FastConnect 6900 Firmware
Qualcomm Fastconnect 6900 Firmware
All of
Qualcomm FastConnect 7800 Firmware
Qualcomm Fastconnect 7800 Firmware
All of
Qualcomm QCM4490
Qualcomm QCM4490 Firmware
All of
Qualcomm QCS4490
Qualcomm QCS4490 Firmware
All of
Qualcomm Snapdragon 8 Gen 3 Firmware
Qualcomm Snapdragon 8 Gen 3 Mobile Platform
All of
Qualcomm Snapdragon 8+ Gen 1 Mobile Firmware
Qualcomm Snapdragon 8+ Gen 1 Mobile
All of
Qualcomm TalynPlus
Qualcomm TalynPlus Firmware
All of
Qualcomm WCD9370 Firmware
Qualcomm WCD9370 Firmware
All of
Qualcomm WCD9390 Firmware
Qualcomm WCD9390 Firmware
All of
Qualcomm WCD9395 Firmware
Qualcomm WCD9395 Firmware
All of
Qualcomm WCN3950 Firmware
Qualcomm WCN3950 Firmware
All of
Qualcomm WCN6740 Firmware
Qualcomm WCN6740 Firmware
All of
Qualcomm WSA8810
Qualcomm WSA8810 Firmware
All of
Qualcomm WSA8815 Firmware
Qualcomm WSA8815 Firmware
All of
Qualcomm WSA8830
Qualcomm WSA8830
All of
Qualcomm WSA8832 Firmware
Qualcomm WSA8832 Firmware
All of
Qualcomm WSA8835
Qualcomm WSA8835 Firmware
All of
Qualcomm WSA8840 Firmware
Qualcomm WSA8840 Firmware
All of
Qualcomm WSA8845H
Qualcomm WSA8845 Firmware
All of
Qualcomm WSA8845 Firmware
Qualcomm WSA8845H Firmware

Remedy

https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-21464?

    CVE-2024-21464 is classified as a memory corruption vulnerability that could potentially lead to exploitation.

  • What software is affected by CVE-2024-21464?

    CVE-2024-21464 affects various Qualcomm firmware versions and Google Android platforms.

  • How do I fix CVE-2024-21464?

    To fix CVE-2024-21464, check for updates from Qualcomm and Google for affected firmware and software.

  • What are the potential consequences of CVE-2024-21464?

    The consequences of CVE-2024-21464 may include system crashes or unauthorized access due to memory corruption.

  • When was CVE-2024-21464 reported?

    CVE-2024-21464 was reported in early 2024 and has documented fixes available from manufacturers.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203