Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Qualcomm
  • Fastconnect 6900
  • Fastconnect 6900 Firmware
  • Fastconnect 7800
  • Fastconnect 7800 Firmware
  • Qcc2073
  • Qcc2073 Firmware
  • Qcc2076
  • Qcc2076 Firmware
  • Sc8380xp
  • Sc8380xp Firmware
  • Wcd9380
  • Wcd9380 Firmware
  • Wcd9385
  • Wcd9385 Firmware
  • Wsa8840
  • Wsa8840 Firmware
  • Wsa8845
  • Wsa8845 Firmware
  • Wsa8845h
  • Wsa8845h Firmware

Configuration 1 [-]

AND
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:qualcomm:qcc2073_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcc2073:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:qualcomm:qcc2076_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcc2076:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html cve-icon cve-icon
History

Wed, 05 Feb 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm fastconnect 6900
Qualcomm fastconnect 6900 Firmware
Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm qcc2073
Qualcomm qcc2073 Firmware
Qualcomm qcc2076
Qualcomm qcc2076 Firmware
Qualcomm sc8380xp
Qualcomm sc8380xp Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm wsa8845
Qualcomm wsa8845 Firmware
Qualcomm wsa8845h
Qualcomm wsa8845h Firmware
Weaknesses CWE-119
CPEs cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcc2073:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcc2076:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcc2073_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcc2076_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
Vendors & Products Qualcomm
Qualcomm fastconnect 6900
Qualcomm fastconnect 6900 Firmware
Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm qcc2073
Qualcomm qcc2073 Firmware
Qualcomm qcc2076
Qualcomm qcc2076 Firmware
Qualcomm sc8380xp
Qualcomm sc8380xp Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm wsa8845
Qualcomm wsa8845 Firmware
Qualcomm wsa8845h
Qualcomm wsa8845h Firmware

Tue, 04 Feb 2025 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 03 Feb 2025 17:00:00 +0000

Type Values Removed Values Added
Description Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
Title Use of Out-of-range Pointer Offset in WLAN Windows Host
Weaknesses CWE-823
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2025-02-03T17:31:20.955Z

Reserved: 2024-10-20T17:18:43.216Z

Link: CVE-2024-49840

cve-icon Vulnrichment

Updated: 2025-02-03T17:31:16.305Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-03T17:15:20.863

Modified: 2025-02-05T16:02:18.927

Link: CVE-2024-49840

cve-icon Redhat

No data.