What is the severity of CVE-2024-38425?

CVE-2024-38425 is classified as a medium severity vulnerability due to information disclosure risks.

What kind of information is disclosed by CVE-2024-38425?

CVE-2024-38425 allows malicious actors to access APP launch information via implicit broadcast.

How do I mitigate CVE-2024-38425?

To mitigate CVE-2024-38425, ensure your Qualcomm firmware is updated to the latest version as advised in the security bulletin.

Which Qualcomm products are affected by CVE-2024-38425?

CVE-2024-38425 affects various Qualcomm firmware, including the WSA8835, WSA8830, and multiple Snapdragon mobile platform versions.

Is there a patch available for CVE-2024-38425?

Yes, patches for CVE-2024-38425 are included in the latest firmware updates from Qualcomm.

Vulnerability/
CVE-2024-38425

medium

6.1

CWE

285 863

7/10/2024

16/10/2024

CVE-2024-38425: Improper Authorization in Performance

First published: Mon Oct 07 2024(Updated: )

Information disclosure while sending implicit broadcast containing APP launch information.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
All of
Qualcomm WSA8835
Qualcomm WSA8835 Firmware
All of
Qualcomm WSA8830
Qualcomm WSA8830
All of
Qualcomm WCD9380
Qualcomm WCD9380 Firmware
All of
Qualcomm Snapdragon 8+ Gen 2 Mobile Platform Firmware
Qualcomm Snapdragon 8+ Gen 2 Mobile Platform
All of
Qualcomm Snapdragon 8+ Gen 1 Mobile Platform Firmware
Qualcomm Snapdragon 8+ Gen 1 Mobile Platform
All of
Qualcomm Snapdragon 8 Gen 3 Mobile Firmware
Qualcomm Snapdragon 8 Gen 3 Mobile Platform
All of
Qualcomm Snapdragon 8+ Gen 2 Mobile Platform Firmware
Qualcomm Snapdragon 8 Gen 2
All of
Qualcomm Snapdragon 8 Gen 1 Mobile Platform
Qualcomm Snapdragon 8 Gen 1 Mobile Firmware
All of
Qualcomm Snapdragon 7+ Gen 2 Mobile Platform Firmware
Qualcomm Snapdragon 7+ Gen 2 Mobile Platform
All of
Qualcomm Snapdragon 7 Gen 1 Mobile Firmware
Qualcomm Snapdragon 7 Gen 1 Mobile Platform Firmware
All of
Qualcomm Snapdragon 695 5G Mobile Platform Firmware
Qualcomm Snapdragon 695 5G Mobile Platform Firmware
All of
Qualcomm Snapdragon 685 4G Mobile Platform (SM6225-AD) Firmware
Qualcomm Snapdragon 685 4G Mobile Platform (SM6225-AD)
All of
Qualcomm Snapdragon 680 4G Mobile Firmware
Qualcomm Snapdragon 680 4G Mobile Platform Firmware
All of
Qualcomm Snapdragon 662 Mobile Platform
Qualcomm Snapdragon 662 Mobile Platform
All of
Qualcomm Snapdragon 6 Gen 1 Mobile Firmware
Qualcomm Snapdragon 6 Gen 1 Mobile Platform Firmware
All of
Qualcomm Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Firmware
Qualcomm Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
All of
Qualcomm Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Firmware
Qualcomm Snapdragon 480+ 5G Mobile Platform
All of
Qualcomm Snapdragon 4 Gen 2 Mobile Platform Firmware
Qualcomm Snapdragon 4 Gen 2 Mobile Platform Firmware
All of
Qualcomm Snapdragon 4 Gen 1 Mobile Firmware
Qualcomm Snapdragon 4 Gen 1 Mobile Platform Firmware
All of
Qualcomm SM8750P Firmware
Qualcomm SM8750 Firmware
All of
Qualcomm SM8635 Firmware
Qualcomm SM8635 Firmware
All of
Qualcomm SM7435
qualcomm sm7435 firmware
All of
Qualcomm FastConnect 7800 Firmware
Qualcomm Fastconnect 7800 Firmware
All of
Qualcomm FastConnect 6900 Firmware
Qualcomm Fastconnect 6900 Firmware

Never miss a vulnerability like this again

Reference Links

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Frequently Asked Questions

What is the severity of CVE-2024-38425?
CVE-2024-38425 is classified as a medium severity vulnerability due to information disclosure risks.
What kind of information is disclosed by CVE-2024-38425?
CVE-2024-38425 allows malicious actors to access APP launch information via implicit broadcast.
How do I mitigate CVE-2024-38425?
To mitigate CVE-2024-38425, ensure your Qualcomm firmware is updated to the latest version as advised in the security bulletin.
Which Qualcomm products are affected by CVE-2024-38425?
CVE-2024-38425 affects various Qualcomm firmware, including the WSA8835, WSA8830, and multiple Snapdragon mobile platform versions.
Is there a patch available for CVE-2024-38425?
Yes, patches for CVE-2024-38425 are included in the latest firmware updates from Qualcomm.

agent/references
agent/title
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/qualcomm
canonical/qualcomm wsa8835
canonical/qualcomm wsa8835 firmware
canonical/qualcomm wsa8830
canonical/qualcomm wcd9380
canonical/qualcomm wcd9380 firmware
canonical/qualcomm snapdragon 8+ gen 2 mobile platform firmware
canonical/qualcomm snapdragon 8+ gen 2 mobile platform
canonical/qualcomm snapdragon 8+ gen 1 mobile platform firmware
canonical/qualcomm snapdragon 8+ gen 1 mobile platform
canonical/qualcomm snapdragon 8 gen 3 mobile firmware
canonical/qualcomm snapdragon 8 gen 3 mobile platform
canonical/qualcomm snapdragon 8 gen 2
canonical/qualcomm snapdragon 8 gen 1 mobile platform
canonical/qualcomm snapdragon 8 gen 1 mobile firmware
canonical/qualcomm snapdragon 7+ gen 2 mobile platform firmware
canonical/qualcomm snapdragon 7+ gen 2 mobile platform
canonical/qualcomm snapdragon 7 gen 1 mobile firmware
canonical/qualcomm snapdragon 7 gen 1 mobile platform firmware
canonical/qualcomm snapdragon 695 5g mobile platform firmware
canonical/qualcomm snapdragon 685 4g mobile platform (sm6225-ad) firmware
canonical/qualcomm snapdragon 685 4g mobile platform (sm6225-ad)
canonical/qualcomm snapdragon 680 4g mobile firmware
canonical/qualcomm snapdragon 680 4g mobile platform firmware
canonical/qualcomm snapdragon 662 mobile platform
canonical/qualcomm snapdragon 6 gen 1 mobile firmware
canonical/qualcomm snapdragon 6 gen 1 mobile platform firmware
canonical/qualcomm snapdragon 480+ 5g mobile platform (sm4350-ac) firmware
canonical/qualcomm snapdragon 480+ 5g mobile platform (sm4350-ac)
canonical/qualcomm snapdragon 480+ 5g mobile platform
canonical/qualcomm snapdragon 4 gen 2 mobile platform firmware
canonical/qualcomm snapdragon 4 gen 1 mobile firmware
canonical/qualcomm snapdragon 4 gen 1 mobile platform firmware
canonical/qualcomm sm8750p firmware
canonical/qualcomm sm8750 firmware
canonical/qualcomm sm8635 firmware
canonical/qualcomm sm7435
canonical/qualcomm sm7435 firmware
canonical/qualcomm fastconnect 7800 firmware
canonical/qualcomm fastconnect 6900 firmware