CVE-2024-23360 - Vulnerability Details

- Improper Access Control in Graphics Windows

Description

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

Published: 2024-06-03

Score: 8.4 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`FastConnect 6700`	affected	—
`FastConnect 6900`	affected	—
`FastConnect 7800`	affected	—
`SC8380XP`	affected	—
`Snapdragon 7c+ Gen 3 Compute`	affected	—
`Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)`	affected	—
`WCD9380`	affected	—
`WCD9385`	affected	—
`WSA8830`	affected	—
`WSA8835`	affected	—
`WSA8840`	affected	—
`WSA8845`	affected	—
`WSA8845H`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_7c\+_gen_3_compute:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:sc8280xp-abbb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sc8280xp-abbb:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-20864	Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00094.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00029}`	epss `{'score': 0.00083}`

Thu, 09 Jan 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm fastconnect 6700 Qualcomm fastconnect 6700 Firmware Qualcomm fastconnect 6900 Qualcomm fastconnect 6900 Firmware Qualcomm fastconnect 7800 Qualcomm fastconnect 7800 Firmware Qualcomm sc8280xp-abbb Qualcomm sc8280xp-abbb Firmware Qualcomm sc8380xp Qualcomm sc8380xp Firmware Qualcomm snapdragon 7c\+ Gen 3 Compute Qualcomm snapdragon 7c\+ Gen 3 Compute Firmware Qualcomm wcd9380 Qualcomm wcd9380 Firmware Qualcomm wcd9385 Qualcomm wcd9385 Firmware Qualcomm wsa8830 Qualcomm wsa8830 Firmware Qualcomm wsa8835 Qualcomm wsa8835 Firmware Qualcomm wsa8840 Qualcomm wsa8840 Firmware Qualcomm wsa8845 Qualcomm wsa8845 Firmware Qualcomm wsa8845h Qualcomm wsa8845h Firmware
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:h:qualcomm:fastconnect_6700:-:::::::* cpe:2.3:h:qualcomm:fastconnect_6900:-:::::::* cpe:2.3:h:qualcomm:fastconnect_7800:-:::::::* cpe:2.3:h:qualcomm:sc8280xp-abbb:-:::::::* cpe:2.3:h:qualcomm:sc8380xp:-:::::::* cpe:2.3:h:qualcomm:snapdragon_7c\+_gen_3_compute:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:h:qualcomm:wcd9385:-:::::::* cpe:2.3:h:qualcomm:wsa8830:-:::::::* cpe:2.3:h:qualcomm:wsa8835:-:::::::* cpe:2.3:h:qualcomm:wsa8840:-:::::::* cpe:2.3:h:qualcomm:wsa8845:-:::::::* cpe:2.3:h:qualcomm:wsa8845h:-:::::::* cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:::::::* cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:::::::* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::* cpe:2.3:o:qualcomm:sc8280xp-abbb_firmware:-:::::::* cpe:2.3:o:qualcomm:sc8380xp_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8840_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8845_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8845h_firmware:-:::::::*
Vendors & Products		Qualcomm Qualcomm fastconnect 6700 Qualcomm fastconnect 6700 Firmware Qualcomm fastconnect 6900 Qualcomm fastconnect 6900 Firmware Qualcomm fastconnect 7800 Qualcomm fastconnect 7800 Firmware Qualcomm sc8280xp-abbb Qualcomm sc8280xp-abbb Firmware Qualcomm sc8380xp Qualcomm sc8380xp Firmware Qualcomm snapdragon 7c\+ Gen 3 Compute Qualcomm snapdragon 7c\+ Gen 3 Compute Firmware Qualcomm wcd9380 Qualcomm wcd9380 Firmware Qualcomm wcd9385 Qualcomm wcd9385 Firmware Qualcomm wsa8830 Qualcomm wsa8830 Firmware Qualcomm wsa8835 Qualcomm wsa8835 Firmware Qualcomm wsa8840 Qualcomm wsa8840 Firmware Qualcomm wsa8845 Qualcomm wsa8845 Firmware Qualcomm wsa8845h Qualcomm wsa8845h Firmware

Subscriptions

Qualcomm Fastconnect 6700 Fastconnect 6700 Firmware Fastconnect 6900 Fastconnect 6900 Firmware Fastconnect 7800 Fastconnect 7800 Firmware Sc8280xp-abbb Sc8280xp-abbb Firmware Sc8380xp Sc8380xp Firmware Snapdragon 7c\+ Gen 3 Compute Snapdragon 7c\+ Gen 3 Compute Firmware Wcd9380 Wcd9380 Firmware Wcd9385 Wcd9385 Firmware Wsa8830 Wsa8830 Firmware Wsa8835 Wsa8835 Firmware Wsa8840 Wsa8840 Firmware Wsa8845 Wsa8845 Firmware Wsa8845h Wsa8845h Firmware

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-06-03T10:05:26.653Z

Updated: 2024-08-01T23:06:24.158Z

Reserved: 2024-01-16T03:27:26.433Z

Link: CVE-2024-23360

Vulnrichment

Updated: 2024-08-01T23:06:24.158Z

NVD

Status : Analyzed

Published: 2024-06-03T10:15:12.130

Modified: 2025-01-09T21:26:20.507

Link: CVE-2024-23360

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object