high
7.8
CWE
416
Advisory Published
Updated

CVE-2024-38411: Use After Free

First published: Mon Feb 03 2025(Updated: )

Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
All of
qualcomm fastconnect 6900 Firmware
qualcomm fastconnect 6900
All of
qualcomm fastconnect 7800 firmware
qualcomm fastconnect 7800
All of
qualcomm qcm8550 firmware
qualcomm qcm8550
All of
Qualcomm qcs6490 firmware
Qualcomm qcs6490
All of
qualcomm qcs8550 firmware
qualcomm qcs8550
All of
qualcomm video collaboration vc3 firmware
qualcomm video collaboration vc3
All of
qualcomm sg8275p firmware
qualcomm sg8275p
All of
qualcomm sm8550p firmware
qualcomm sm8550p
All of
Qualcomm Snapdragon 8 Gen 2 Firmware
Qualcomm Snapdragon 8 Gen 2
All of
Qualcomm Snapdragon 8 Gen 3 Firmware
Qualcomm Snapdragon 8 Gen 3
All of
qualcomm snapdragon 8\+ gen 2 mobile firmware
qualcomm snapdragon 8\+ gen 2 mobile
All of
qualcomm wcd9380 firmware
qualcomm wcd9380
All of
qualcomm wcd9385 firmware
qualcomm wcd9385
All of
qualcomm wcd9390 firmware
qualcomm wcd9390
All of
qualcomm wcd9395 firmware
qualcomm wcd9395
All of
qualcomm wsa8840 firmware
qualcomm wsa8840
All of
qualcomm wsa8845 firmware
qualcomm wsa8845
All of
qualcomm wsa8845h firmware
Qualcomm Wsa8845h

Remedy

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-38411?

    CVE-2024-38411 is categorized with a severity level that indicates potential risk to the integrity of systems using affected Qualcomm firmware.

  • How do I fix CVE-2024-38411?

    To mitigate CVE-2024-38411, it is recommended to apply the latest firmware updates provided by Qualcomm for the affected devices.

  • Which devices are affected by CVE-2024-38411?

    CVE-2024-38411 affects various Qualcomm firmware versions, including the Fastconnect series and Snapdragon series among others.

  • Is CVE-2024-38411 a critical vulnerability?

    The criticality of CVE-2024-38411 largely depends on the specific device and its use case.

  • What type of vulnerability is CVE-2024-38411?

    CVE-2024-38411 is a memory corruption vulnerability that arises from improper handling of IOCTL calls between user-space and kernel-space.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203