What is the severity of CVE-2024-23366?

The severity of CVE-2024-23366 is currently assessed as medium due to the information disclosure risk associated with mailbox write API invocations.

How do I fix CVE-2024-23366?

To fix CVE-2024-23366, users should update their Qualcomm firmware to the latest version released by the manufacturer.

The impact of CVE-2024-23366 includes the potential exposure of sensitive information when processing larger-than-allowed messages.

CVE-2024-23366 affects various Qualcomm firmware products, including Qam8255p, Qam8295p, and others listed in the vulnerability report.

CVE-2024-23366 is considered a remote vulnerability as it can be exploited through the mailbox write API from an external source.

6.6

CWE

126 125

6/1/2025

10/1/2025

First published: Mon Jan 06 2025(Updated: )

Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.

Credit: product-security@qualcomm.com

What is the severity of CVE-2024-23366?
The severity of CVE-2024-23366 is currently assessed as medium due to the information disclosure risk associated with mailbox write API invocations.
How do I fix CVE-2024-23366?
To fix CVE-2024-23366, users should update their Qualcomm firmware to the latest version released by the manufacturer.
What is the impact of CVE-2024-23366?
The impact of CVE-2024-23366 includes the potential exposure of sensitive information when processing larger-than-allowed messages.
Which products are affected by CVE-2024-23366?
CVE-2024-23366 affects various Qualcomm firmware products, including Qam8255p, Qam8295p, and others listed in the vulnerability report.
Is CVE-2024-23366 a local or remote vulnerability?
CVE-2024-23366 is considered a remote vulnerability as it can be exploited through the mailbox write API from an external source.