Score: 8.4
CWE: 121, 787

CVE-2024-21474: Stack-based Buffer Overflow in PMIC

First published: Mon May 06 2024

Memory corruption when size of buffer from previous call is used without validation or re-initialization.

Credit: product-security@qualcomm.com

Affected Software | Affected Version | How to fix

  • All of: Qualcomm AR8035 Firmware; Qualcomm AR8035 Firmware
  • All of: Qualcomm FastConnect 6900 Firmware; Qualcomm FastConnect 6900 Firmware
  • All of: Qualcomm FastConnect 7800 Firmware; Qualcomm FastConnect 7800 Firmware
  • All of: Qualcomm QAM8295P; Qualcomm QAM8295P
  • All of: Qualcomm QCA6574 Firmware; Qualcomm QCA6574AU
  • All of: Qualcomm QCA6595AU Firmware; Qualcomm QCA6595AU Firmware
  • All of: Qualcomm QCA6696 Firmware; Qualcomm QCA6696 Firmware
  • All of: Qualcomm QCA6698AQ; Qualcomm QCA6698AQ Firmware
  • All of: Qualcomm QCA8081 Firmware; Qualcomm QCA8081 Firmware
  • All of: Qualcomm QCA8337 Firmware; Qualcomm QCA8337 Firmware
  • All of: Qualcomm SA8295P Firmware; Qualcomm SA8295P Firmware
  • All of: Qualcomm SA8530P; Qualcomm SA8530P
  • All of: Qualcomm SA8540P; Qualcomm SA8540P Firmware
  • All of: Qualcomm SA9000P Firmware; Qualcomm SA9000P Firmware
  • All of: Qualcomm SC8380XP Firmware; Qualcomm SC8380XP Firmware
  • All of: Qualcomm SC8280XP Firmware; Qualcomm SC8280XP
  • All of: Qualcomm Snapdragon X65 5G-RF Firmware; Qualcomm Snapdragon X65 5G-RF
  • All of: Qualcomm WCD9380; Qualcomm WCD9380 Firmware
  • All of: Qualcomm WCD9385; Qualcomm WCD9385 Firmware
  • All of: Qualcomm WSA8830; Qualcomm WSA8830
  • All of: Qualcomm WSA8835; Qualcomm WSA8835 Firmware
  • All of: Qualcomm WSA8840 Firmware; Qualcomm WSA8840 Firmware
  • All of: Qualcomm WSA8845H; Qualcomm WSA8845 Firmware
  • All of: Qualcomm WSA8845 Firmware; Qualcomm WSA8845H Firmware


Frequently Asked Questions

  • What is the severity of CVE-2024-21474?

    CVE-2024-21474 has a critical severity due to its potential to cause memory corruption.

  • How do I fix CVE-2024-21474?

    To fix CVE-2024-21474, ensure proper validation and re-initialization of buffers before use.

  • What software is affected by CVE-2024-21474?

    CVE-2024-21474 affects various Qualcomm firmware, including the AR8035, FastConnect 6900, and other models.

  • Can CVE-2024-21474 lead to system crashes?

    Yes, CVE-2024-21474 may lead to system instability and crashes due to memory corruption issues.

  • Is there any workaround for CVE-2024-21474?

    The best workaround for CVE-2024-21474 is to avoid using vulnerable firmware versions until a patch is applied.
