What is the severity of CVE-2024-23377?

CVE-2024-23377 has a high severity level due to the potential for memory corruption in the affected Qualcomm devices.

How do I fix CVE-2024-23377?

To fix CVE-2024-23377, it is recommended to apply the latest firmware updates provided by Qualcomm for the affected devices.

What types of devices are affected by CVE-2024-23377?

CVE-2024-23377 affects various Qualcomm devices including WSA and Snapdragon platforms, specifically firmware versions of WSA8845, WSA8840, and others.

What are the potential impacts of CVE-2024-23377?

The impact of CVE-2024-23377 includes potential system instability or crashes due to memory corruption when the IOCTL command is improperly manipulated.

Is CVE-2024-23377 exploitable over a network?

CVE-2024-23377 is not classified as a network exploitable vulnerability since it requires user-space interaction to trigger the memory corruption.

Vulnerability/
CVE-2024-23377

medium

6.7

CWE

823

4/11/2024

8/11/2024

CVE-2024-23377: Use of Out-of-range Pointer Offset in ComputerVision

First published: Mon Nov 04 2024(Updated: )

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
All of
Qualcomm WSA8845 Firmware
Qualcomm WSA8845H Firmware
All of
Qualcomm WSA8845H
Qualcomm WSA8845 Firmware
All of
Qualcomm WSA8840 Firmware
Qualcomm WSA8840 Firmware
All of
Qualcomm WSA8835
Qualcomm WSA8835 Firmware
All of
Qualcomm WSA8832 Firmware
Qualcomm WSA8832 Firmware
All of
Qualcomm WSA8830
Qualcomm WSA8830
All of
Qualcomm WCN7880 firmware
Qualcomm WCN7880 firmware
All of
Qualcomm WCN6755 Firmware
Qualcomm WCN6755 Firmware
All of
Qualcomm WCN6650 Firmware
Qualcomm WCN6650 Firmware
All of
Qualcomm WCD9395 Firmware
Qualcomm WCD9395 Firmware
All of
Qualcomm WCD9390 Firmware
Qualcomm WCD9390 Firmware
All of
Qualcomm WCD9385
Qualcomm WCD9385 Firmware
All of
Qualcomm WCD9380
Qualcomm WCD9380 Firmware
All of
Qualcomm WCD9378
Qualcomm WCD9378
All of
Qualcomm WCD9375
Qualcomm WCD9375 Firmware
All of
Qualcomm WCD9371 Firmware
Qualcomm WCD9371 Firmware
All of
Qualcomm WCD9370 Firmware
Qualcomm WCD9370 Firmware
All of
Qualcomm SXR2250P
Qualcomm SXR2250P
All of
Qualcomm SXR2230P
Qualcomm SXR2230P
All of
Qualcomm SXR1230P
Qualcomm SXR1230P Firmware
All of
Qualcomm SSG2125P
Qualcomm SSG2125P
All of
Qualcomm SSG2115P Firmware
Qualcomm SSG2115P Firmware
All of
Qualcomm Snapdragon AR2 Gen 1 Firmware
Qualcomm Snapdragon AR2 Gen 1 Platform Firmware
All of
Qualcomm Snapdragon 8+ Gen 2 Mobile Platform Firmware
Qualcomm Snapdragon 8+ Gen 2 Mobile Platform
All of
Qualcomm Snapdragon 8+ Gen 2 Mobile Platform Firmware
Qualcomm Snapdragon 8 Gen 2
All of
Qualcomm SM8550P Firmware
Qualcomm SM8550P Firmware
All of
Qualcomm SM7550 Firmware
Qualcomm SM7550 Firmware
All of
Qualcomm SM7525
Qualcomm SM7525
All of
Qualcomm SG8275 Firmware
Qualcomm SG8275 Firmware
All of
Qualcomm SG8275 Firmware
Qualcomm SG8275 Firmware
All of
Qualcomm Snapdragon 8 Gen 1 Firmware
Qualcomm Snapdragon 8 Gen 1
All of
Qualcomm Video Collaboration VC5 Platform
Qualcomm Video Collaboration VC5
All of
Qualcomm QCS8550 Firmware
Qualcomm QCS8550 Firmware
All of
Qualcomm QCS8250 Firmware
Qualcomm QCS8250 Firmware
All of
Qualcomm QCS7230 Firmware
Qualcomm QCS7230 Firmware
All of
Qualcomm QCM8550 Firmware
Qualcomm QCM8550 Firmware
All of
Qualcomm QCA6391 Firmware
Qualcomm QCA6391 Firmware
All of
Qualcomm FastConnect 7800 Firmware
Qualcomm Fastconnect 7800 Firmware
All of
Qualcomm FastConnect 6900 Firmware
Qualcomm Fastconnect 6900 Firmware

Remedy

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

Never miss a vulnerability like this again

Reference Links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

Frequently Asked Questions

What is the severity of CVE-2024-23377?
CVE-2024-23377 has a high severity level due to the potential for memory corruption in the affected Qualcomm devices.
How do I fix CVE-2024-23377?
To fix CVE-2024-23377, it is recommended to apply the latest firmware updates provided by Qualcomm for the affected devices.
What types of devices are affected by CVE-2024-23377?
CVE-2024-23377 affects various Qualcomm devices including WSA and Snapdragon platforms, specifically firmware versions of WSA8845, WSA8840, and others.
What are the potential impacts of CVE-2024-23377?
The impact of CVE-2024-23377 includes potential system instability or crashes due to memory corruption when the IOCTL command is improperly manipulated.
Is CVE-2024-23377 exploitable over a network?
CVE-2024-23377 is not classified as a network exploitable vulnerability since it requires user-space interaction to trigger the memory corruption.

agent/references
agent/weakness
agent/title
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/event
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/qualcomm
canonical/qualcomm wsa8845 firmware
canonical/qualcomm wsa8845h firmware
canonical/qualcomm wsa8845h
canonical/qualcomm wsa8840 firmware
canonical/qualcomm wsa8835
canonical/qualcomm wsa8835 firmware
canonical/qualcomm wsa8832 firmware
canonical/qualcomm wsa8830
canonical/qualcomm wcn7880 firmware
canonical/qualcomm wcn6755 firmware
canonical/qualcomm wcn6650 firmware
canonical/qualcomm wcd9395 firmware
canonical/qualcomm wcd9390 firmware
canonical/qualcomm wcd9385
canonical/qualcomm wcd9385 firmware
canonical/qualcomm wcd9380
canonical/qualcomm wcd9380 firmware
canonical/qualcomm wcd9378
canonical/qualcomm wcd9375
canonical/qualcomm wcd9375 firmware
canonical/qualcomm wcd9371 firmware
canonical/qualcomm wcd9370 firmware
canonical/qualcomm sxr2250p
canonical/qualcomm sxr2230p
canonical/qualcomm sxr1230p
canonical/qualcomm sxr1230p firmware
canonical/qualcomm ssg2125p
canonical/qualcomm ssg2115p firmware
canonical/qualcomm snapdragon ar2 gen 1 firmware
canonical/qualcomm snapdragon ar2 gen 1 platform firmware
canonical/qualcomm snapdragon 8+ gen 2 mobile platform firmware
canonical/qualcomm snapdragon 8+ gen 2 mobile platform
canonical/qualcomm snapdragon 8 gen 2
canonical/qualcomm sm8550p firmware
canonical/qualcomm sm7550 firmware
canonical/qualcomm sm7525
canonical/qualcomm sg8275 firmware
canonical/qualcomm snapdragon 8 gen 1 firmware
canonical/qualcomm snapdragon 8 gen 1
canonical/qualcomm video collaboration vc5 platform
canonical/qualcomm video collaboration vc5
canonical/qualcomm qcs8550 firmware
canonical/qualcomm qcs8250 firmware
canonical/qualcomm qcs7230 firmware
canonical/qualcomm qcm8550 firmware
canonical/qualcomm qca6391 firmware
canonical/qualcomm fastconnect 7800 firmware
canonical/qualcomm fastconnect 6900 firmware