CVE-2024-23378

MEDIUM

Qualcomm SRV1M and related firmware - Memory Corruption via MSM Module IOCTL Calls

Title source: llm
STIX 2.1

Description

Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record.

Scores

CVSS v3 6.7
EPSS 0.0011
EPSS Percentile 1.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-120
Status published
Products (18)
qualcomm/qam8255p_firmware
qualcomm/qam8650p_firmware
qualcomm/qam8775p_firmware
qualcomm/qamsrv1h_firmware
qualcomm/qamsrv1m_firmware
qualcomm/qca6584au_firmware
qualcomm/qca6698aq_firmware
qualcomm/sa7255p_firmware
qualcomm/sa7775p_firmware
qualcomm/sa8255p_firmware
... and 8 more
Published Oct 07, 2024
Tracked Since Feb 18, 2026