What is the severity of CVE-2024-23379?

CVE-2024-23379 is classified as a critical memory corruption vulnerability in Qualcomm firmware.

How does CVE-2024-23379 affect vulnerable devices?

CVE-2024-23379 can lead to memory corruption when two threads attempt to free the same fastrpc map concurrently.

Which devices are affected by CVE-2024-23379?

CVE-2024-23379 affects several Qualcomm firmware variants including Wsa8835, Wsa8830, and Wcd9380 among others.

What is the recommended action to mitigate CVE-2024-23379?

To mitigate CVE-2024-23379, users should apply the latest firmware updates provided by Qualcomm.

Where can I find more information about CVE-2024-23379?

Further information regarding CVE-2024-23379 can be found in Qualcomm's security bulletins released in October 2024.

Vulnerability/
CVE-2024-23379

medium

6.7

CWE

415

7/10/2024

16/10/2024

CVE-2024-23379: Double Free in DSP Services

First published: Mon Oct 07 2024(Updated: )

Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
All of
Qualcomm WSA8835
Qualcomm WSA8835 Firmware
All of
Qualcomm WSA8830
Qualcomm WSA8830
All of
Qualcomm WSA8815 Firmware
Qualcomm WSA8815 Firmware
All of
Qualcomm WSA8810
Qualcomm WSA8810 Firmware
All of
Qualcomm WCN3990
Qualcomm WCN3990
All of
Qualcomm WCD9380
Qualcomm WCD9380 Firmware
All of
Qualcomm WCD9341
Qualcomm WCD9341 Firmware
All of
Qualcomm WCD9340 Firmware
Qualcomm WCD9340 Firmware
All of
Qualcomm WCD9335 Firmware
Qualcomm WCD9335 Firmware
All of
Qualcomm SRV1M
Qualcomm SRV1M Firmware
All of
Qualcomm SRV1H
Qualcomm SRV1H Firmware
All of
Qualcomm Snapdragon Auto 5G-RF Gen 2 Firmware
Qualcomm Snapdragon Auto 5G Modem-RF
All of
Qualcomm Snapdragon 835 Mobile PC Firmware
Qualcomm Snapdragon 835 Mobile PC
All of
Qualcomm Snapdragon 8 Gen 1 Mobile Platform
Qualcomm Snapdragon 8 Gen 1 Mobile Firmware
All of
Qualcomm Snapdragon 835
Qualcomm Snapdragon 835
All of
Qualcomm SA9000P Firmware
Qualcomm SA9000P Firmware
All of
Qualcomm SA8775P
Qualcomm SA8775P
All of
Qualcomm SA8770P Firmware
qualcomm sa8770p firmware
All of
Qualcomm SA8650P
Qualcomm SA8650P
All of
Qualcomm SA8620P
Qualcomm SA8620P
All of
Qualcomm SA8255P Firmware
Qualcomm SA8255P Firmware
All of
Qualcomm SA7775P Firmware
Qualcomm SA7775P Firmware
All of
Qualcomm SA7255P
qualcomm sa7255p firmware
All of
Qualcomm QCA6698AQ
Qualcomm QCA6698AQ Firmware
All of
Qualcomm QCA6584AU Firmware
Qualcomm QCA6584AU firmware
All of
Qualcomm QCA6320 Firmware
Qualcomm QCA6320 Firmware
All of
Qualcomm QCA6310 Firmware
Qualcomm QCA6310 Firmware
All of
Qualcomm QAMSRV1M Firmware
Qualcomm QAMSRV1M Firmware
All of
Qualcomm SRV1H Firmware
Qualcomm QAMSRV1H Firmware
All of
Qualcomm QAM8775P
Qualcomm QAM8775P Firmware
All of
Qualcomm QAM8650P Firmware
Qualcomm QAM8650P Firmware
All of
Qualcomm QAM8255P
Qualcomm QAM8255P Firmware
All of
Qualcomm FastConnect 7800 Firmware
Qualcomm Fastconnect 7800 Firmware
All of
Qualcomm FastConnect 6900 Firmware
Qualcomm Fastconnect 6900 Firmware

Never miss a vulnerability like this again

Reference Links

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Frequently Asked Questions

What is the severity of CVE-2024-23379?
CVE-2024-23379 is classified as a critical memory corruption vulnerability in Qualcomm firmware.
How does CVE-2024-23379 affect vulnerable devices?
CVE-2024-23379 can lead to memory corruption when two threads attempt to free the same fastrpc map concurrently.
Which devices are affected by CVE-2024-23379?
CVE-2024-23379 affects several Qualcomm firmware variants including Wsa8835, Wsa8830, and Wcd9380 among others.
What is the recommended action to mitigate CVE-2024-23379?
To mitigate CVE-2024-23379, users should apply the latest firmware updates provided by Qualcomm.
Where can I find more information about CVE-2024-23379?
Further information regarding CVE-2024-23379 can be found in Qualcomm's security bulletins released in October 2024.

agent/weakness
agent/references
agent/title
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/qualcomm
canonical/qualcomm wsa8835
canonical/qualcomm wsa8835 firmware
canonical/qualcomm wsa8830
canonical/qualcomm wsa8815 firmware
canonical/qualcomm wsa8810
canonical/qualcomm wsa8810 firmware
canonical/qualcomm wcn3990
canonical/qualcomm wcd9380
canonical/qualcomm wcd9380 firmware
canonical/qualcomm wcd9341
canonical/qualcomm wcd9341 firmware
canonical/qualcomm wcd9340 firmware
canonical/qualcomm wcd9335 firmware
canonical/qualcomm srv1m
canonical/qualcomm srv1m firmware
canonical/qualcomm srv1h
canonical/qualcomm srv1h firmware
canonical/qualcomm snapdragon auto 5g-rf gen 2 firmware
canonical/qualcomm snapdragon auto 5g modem-rf
canonical/qualcomm snapdragon 835 mobile pc firmware
canonical/qualcomm snapdragon 835 mobile pc
canonical/qualcomm snapdragon 8 gen 1 mobile platform
canonical/qualcomm snapdragon 8 gen 1 mobile firmware
canonical/qualcomm snapdragon 835
canonical/qualcomm sa9000p firmware
canonical/qualcomm sa8775p
canonical/qualcomm sa8770p firmware
canonical/qualcomm sa8650p
canonical/qualcomm sa8620p
canonical/qualcomm sa8255p firmware
canonical/qualcomm sa7775p firmware
canonical/qualcomm sa7255p
canonical/qualcomm sa7255p firmware
canonical/qualcomm qca6698aq
canonical/qualcomm qca6698aq firmware
canonical/qualcomm qca6584au firmware
canonical/qualcomm qca6320 firmware
canonical/qualcomm qca6310 firmware
canonical/qualcomm qamsrv1m firmware
canonical/qualcomm qamsrv1h firmware
canonical/qualcomm qam8775p
canonical/qualcomm qam8775p firmware
canonical/qualcomm qam8650p firmware
canonical/qualcomm qam8255p
canonical/qualcomm qam8255p firmware
canonical/qualcomm fastconnect 7800 firmware
canonical/qualcomm fastconnect 6900 firmware