high
7.5
CWE
126 125
Advisory Published
Updated

CVE-2024-38404

First published: Mon Feb 03 2025(Updated: )

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
All of
Qualcomm AR8035 Firmware
Qualcomm AR8035 Firmware
All of
Qualcomm Fastconnect 7800 Firmware
Qualcomm Fastconnect 7800 Firmware
All of
qualcomm QCA6584AU firmware
Qualcomm QCA6584
All of
Qualcomm QCA6698AQ
Qualcomm QCA6698AQ Firmware
All of
Qualcomm QCA8081 firmware
Qualcomm QCA8081 firmware
All of
Qualcomm QCA8337 Firmware
Qualcomm QCA8337 Firmware
All of
Qualcomm QCC710
Qualcomm QCC710
All of
Qualcomm QCN6224 Firmware
Qualcomm QCN6224 Firmware
All of
Qualcomm QCN6274 Firmware
Qualcomm QCN6274 Firmware
All of
Qualcomm QFW7114 Firmware
Qualcomm QFW7114 Firmware
All of
Qualcomm QFW7124
Qualcomm QFW7124
All of
Qualcomm SDM429W
qualcomm SDM429W firmware
All of
Qualcomm Sdx80m Firmware
Qualcomm Sdx80m Firmware
All of
Qualcomm SM7675P Firmware
Qualcomm SM7675 Firmware
All of
Qualcomm SM7675P Firmware
Qualcomm SM7675P Firmware
All of
qualcomm sm8635 firmware
Qualcomm SM8635P
All of
Qualcomm SM8635P Firmware
Qualcomm SM8635
All of
Qualcomm Snapdragon 429 Mobile Firmware
Qualcomm Snapdragon 429 Mobile
All of
Qualcomm Snapdragon 8 Gen 3 Firmware
Qualcomm Snapdragon 8 Gen 3 Mobile Platform
All of
Qualcomm Snapdragon Auto 5G-RF Gen 2 Firmware
Qualcomm Snapdragon Auto 5G Modem-RF
All of
Qualcomm Snapdragon Wear 4100+ Firmware
Qualcomm Snapdragon Wear 4100+
All of
Qualcomm Snapdragon X72 5G-RF System Firmware
Qualcomm Snapdragon X72 5G Modem-RF
All of
Qualcomm Snapdragon X75 5G Modem-RF System Firmware
Qualcomm Snapdragon X75 5G Modem-RF
All of
Qualcomm WCD9340 Firmware
Qualcomm WCD9340 Firmware
All of
Qualcomm WCD9370 Firmware
Qualcomm WCD9370 Firmware
All of
Qualcomm WCD9375
Qualcomm WCD9375 Firmware
All of
Qualcomm WCD9390 Firmware
Qualcomm WCD9390 Firmware
All of
Qualcomm WCD9395
qualcomm wcd9395 firmware
All of
Qualcomm WCN3610 Firmware
Qualcomm WCN3610 Firmware
All of
Qualcomm WCN3620 Firmware
Qualcomm WCN3620 Firmware
All of
Qualcomm WCN3660B
Qualcomm WCN3660B Firmware
All of
Qualcomm WCN3680B Firmware
Qualcomm WCN3680B Firmware
All of
Qualcomm Wcn3980
qualcomm wcn3980 firmware
All of
Qualcomm WCN6755 Firmware
Qualcomm WCN6755 Firmware
All of
Qualcomm WSA8830
Qualcomm WSA8830
All of
Qualcomm WSA8832
qualcomm wsa8832 firmware
All of
Qualcomm WSA8835
Qualcomm WSA8835 Firmware
All of
Qualcomm WSA8840 Firmware
Qualcomm WSA8840 Firmware
All of
Qualcomm WSA8845H
Qualcomm WSA8845 Firmware
All of
Qualcomm WSA8845H
Qualcomm WSA8845H Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-38404?

    CVE-2024-38404 is categorized as a Transient Denial of Service (DoS) vulnerability in Qualcomm modem firmware.

  • How do I fix CVE-2024-38404?

    To address CVE-2024-38404, update the affected Qualcomm firmware to the latest version as provided by Qualcomm's security bulletin.

  • Which devices are affected by CVE-2024-38404?

    CVE-2024-38404 impacts various Qualcomm modem firmware versions including but not limited to the ar8035, fastconnect 7800, and QCA series.

  • What kind of attack does CVE-2024-38404 enable?

    CVE-2024-38404 potentially allows attackers to cause a temporary denial of service by sending incorrect ciphering key data.

  • Is CVE-2024-38404 a remote attack vector?

    Yes, CVE-2024-38404 can be exploited remotely through manipulated Over-The-Air (OTA) registration messages.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203