CVE-2024-43063 - Vulnerability Details

information disclosure while invoking the mailbox read API.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`QAM8255P`	affected	—
`QAM8295P`	affected	—
`QAM8650P`	affected	—
`QAM8775P`	affected	—
`QAMSRV1H`	affected	—
`QCA6595`	affected	—
`QCA6595AU`	affected	—
`QCA6696`	affected	—
`QCA6698AQ`	affected	—
`SA8255P`	affected	—
`SA8295P`	affected	—
`SA8540P`	affected	—
`SA8650P`	affected	—
`SA8770P`	affected	—
`SA8775P`	affected	—
`SA9000P`	affected	—
`SRV1H`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8650p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:qam8775p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8775p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sa8650p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8650p:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:sa8775p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8775p:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Qualcomm Subscribe	Qam8255p Subscribe Qam8255p Firmware Subscribe Qam8295p Subscribe Qam8295p Firmware Subscribe Qam8650p Subscribe Qam8650p Firmware Subscribe Qam8775p Subscribe Qam8775p Firmware Subscribe Qamsrv1h Subscribe Qamsrv1h Firmware Subscribe Qca6595 Subscribe Qca6595 Firmware Subscribe Qca6595au Subscribe Qca6595au Firmware Subscribe Qca6696 Subscribe Qca6696 Firmware Subscribe Qca6698aq Subscribe Qca6698aq Firmware Subscribe Sa8255p Subscribe Sa8255p Firmware Subscribe Sa8295p Subscribe Sa8295p Firmware Subscribe Sa8540p Subscribe Sa8540p Firmware Subscribe Sa8650p Subscribe Sa8650p Firmware Subscribe Sa8770p Subscribe Sa8770p Firmware Subscribe Sa8775p Subscribe Sa8775p Firmware Subscribe Sa9000p Subscribe Sa9000p Firmware Subscribe Srv1h Subscribe Srv1h Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-40707	information disclosure while invoking the mailbox read API.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html

History

Fri, 10 Jan 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm qam8255p Qualcomm qam8255p Firmware Qualcomm qam8295p Qualcomm qam8295p Firmware Qualcomm qam8650p Qualcomm qam8650p Firmware Qualcomm qam8775p Qualcomm qam8775p Firmware Qualcomm qamsrv1h Qualcomm qamsrv1h Firmware Qualcomm qca6595 Qualcomm qca6595 Firmware Qualcomm qca6595au Qualcomm qca6595au Firmware Qualcomm qca6696 Qualcomm qca6696 Firmware Qualcomm qca6698aq Qualcomm qca6698aq Firmware Qualcomm sa8255p Qualcomm sa8255p Firmware Qualcomm sa8295p Qualcomm sa8295p Firmware Qualcomm sa8540p Qualcomm sa8540p Firmware Qualcomm sa8650p Qualcomm sa8650p Firmware Qualcomm sa8770p Qualcomm sa8770p Firmware Qualcomm sa8775p Qualcomm sa8775p Firmware Qualcomm sa9000p Qualcomm sa9000p Firmware Qualcomm srv1h Qualcomm srv1h Firmware
Weaknesses		CWE-125
CPEs		cpe:2.3:h:qualcomm:qam8255p:-:::::::* cpe:2.3:h:qualcomm:qam8295p:-:::::::* cpe:2.3:h:qualcomm:qam8650p:-:::::::* cpe:2.3:h:qualcomm:qam8775p:-:::::::* cpe:2.3:h:qualcomm:qamsrv1h:-:::::::* cpe:2.3:h:qualcomm:qca6595:-:::::::* cpe:2.3:h:qualcomm:qca6595au:-:::::::* cpe:2.3:h:qualcomm:qca6696:-:::::::* cpe:2.3:h:qualcomm:qca6698aq:-:::::::* cpe:2.3:h:qualcomm:sa8255p:-:::::::* cpe:2.3:h:qualcomm:sa8295p:-:::::::* cpe:2.3:h:qualcomm:sa8540p:-:::::::* cpe:2.3:h:qualcomm:sa8650p:-:::::::* cpe:2.3:h:qualcomm:sa8770p:-:::::::* cpe:2.3:h:qualcomm:sa8775p:-:::::::* cpe:2.3:h:qualcomm:sa9000p:-:::::::* cpe:2.3:h:qualcomm:srv1h:-:::::::* cpe:2.3:o:qualcomm:qam8255p_firmware:-:::::::* cpe:2.3:o:qualcomm:qam8295p_firmware:-:::::::* cpe:2.3:o:qualcomm:qam8650p_firmware:-:::::::* cpe:2.3:o:qualcomm:qam8775p_firmware:-:::::::* cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6595_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6595au_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6696_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6698aq_firmware:-:::::::* cpe:2.3:o:qualcomm:sa8255p_firmware:-:::::::* cpe:2.3:o:qualcomm:sa8295p_firmware:-:::::::* cpe:2.3:o:qualcomm:sa8540p_firmware:-:::::::* cpe:2.3:o:qualcomm:sa8650p_firmware:-:::::::* cpe:2.3:o:qualcomm:sa8770p_firmware:-:::::::* cpe:2.3:o:qualcomm:sa8775p_firmware:-:::::::* cpe:2.3:o:qualcomm:sa9000p_firmware:-:::::::* cpe:2.3:o:qualcomm:srv1h_firmware:-:::::::*
Vendors & Products		Qualcomm Qualcomm qam8255p Qualcomm qam8255p Firmware Qualcomm qam8295p Qualcomm qam8295p Firmware Qualcomm qam8650p Qualcomm qam8650p Firmware Qualcomm qam8775p Qualcomm qam8775p Firmware Qualcomm qamsrv1h Qualcomm qamsrv1h Firmware Qualcomm qca6595 Qualcomm qca6595 Firmware Qualcomm qca6595au Qualcomm qca6595au Firmware Qualcomm qca6696 Qualcomm qca6696 Firmware Qualcomm qca6698aq Qualcomm qca6698aq Firmware Qualcomm sa8255p Qualcomm sa8255p Firmware Qualcomm sa8295p Qualcomm sa8295p Firmware Qualcomm sa8540p Qualcomm sa8540p Firmware Qualcomm sa8650p Qualcomm sa8650p Firmware Qualcomm sa8770p Qualcomm sa8770p Firmware Qualcomm sa8775p Qualcomm sa8775p Firmware Qualcomm sa9000p Qualcomm sa9000p Firmware Qualcomm srv1h Qualcomm srv1h Firmware

Mon, 06 Jan 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 06 Jan 2025 10:45:00 +0000

Type	Values Removed	Values Added
Description		information disclosure while invoking the mailbox read API.
Title		Buffer Over-read in Automotive Autonomy
Weaknesses		CWE-126
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2025-01-06T10:33:20.733Z

Updated: 2025-01-06T14:18:35.659Z

Reserved: 2024-08-05T14:22:16.920Z

Link: CVE-2024-43063

Vulnrichment

Updated: 2025-01-06T14:11:12.313Z

NVD

Status : Analyzed

Published: 2025-01-06T11:15:08.930

Modified: 2025-01-10T15:37:33.340

Link: CVE-2024-43063

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object