CVE-2024-23360 - OpenCVE

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-06-03T10:05:26.653Z

Updated: 2024-08-01T23:06:24.158Z

Reserved: 2024-01-16T03:27:26.433Z

Link: CVE-2024-23360

Vulnrichment

Updated: 2024-08-01T23:06:24.158Z

NVD

Status : Awaiting Analysis

Published: 2024-06-03T10:15:12.130

Modified: 2024-06-03T14:46:24.250

Link: CVE-2024-23360

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23360", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "state": "PUBLISHED", "assignerShortName": "qualcomm", "dateReserved": "2024-01-16T03:27:26.433Z", "datePublished": "2024-06-03T10:05:26.653Z", "dateUpdated": "2024-08-01T23:06:24.158Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Snapdragon Compute"], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "FastConnect 6700"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "SC8380XP"}, {"status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute"}, {"status": "affected", "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8835"}, {"status": "affected", "version": "WSA8840"}, {"status": "affected", "version": "WSA8845"}, {"status": "affected", "version": "WSA8845H"}]}], "descriptions": [{"lang": "en", "value": "Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2024-06-03T10:05:26.653Z"}, "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"}], "title": "Improper Access Control in Graphics Windows"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-04T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-23360"}}}], "affected": [{"cpes": ["cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "fastconnect_6700_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "fastconnect_6900_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "fastconnect_7800_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "sc8380xp_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wcd9380_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wcd9385_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8830_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8835_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8840_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8845_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8845h_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:snapdragon_7c\\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "snapdragon_7c\\+_gen_3_compute_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T04:01:22.984Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:24.158Z"}, "title": "CVE Program Container", "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:24.158Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-03T13:40:46.055650Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "fastconnect_6700_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "fastconnect_6900_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "fastconnect_7800_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "sc8380xp_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wcd9380_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wcd9385_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8830_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8835_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8840_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8845_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "wsa8845h_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:qualcomm:snapdragon_7c\\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*"], "vendor": "qualcomm", "product": "snapdragon_7c\\+_gen_3_compute_firmware", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T13:43:55.983Z"}}], "cna": {"title": "Improper Access Control in Graphics Windows", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Qualcomm, Inc.", "product": "Snapdragon", "versions": [{"status": "affected", "version": "FastConnect 6700"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "SC8380XP"}, {"status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute"}, {"status": "affected", "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8835"}, {"status": "affected", "version": "WSA8840"}, {"status": "affected", "version": "WSA8845"}, {"status": "affected", "version": "WSA8845H"}], "platforms": ["Snapdragon Compute"], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"}], "descriptions": [{"lang": "en", "value": "Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2024-06-03T10:05:26.653Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23360", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:06:24.158Z", "dateReserved": "2024-01-16T03:27:26.433Z", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "datePublished": "2024-06-03T10:05:26.653Z", "assignerShortName": "qualcomm"}, "dataVersion": "5.1"}