Vulnerability identifier: #VU91031

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21478

CWE-ID: CWE-704

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
QAM8255P
Mobile applications / Mobile firmware & hardware
QAM8650P
Mobile applications / Mobile firmware & hardware
QAM8775P
Mobile applications / Mobile firmware & hardware
QAMSRV1H
Mobile applications / Mobile firmware & hardware
QAMSRV1M
Mobile applications / Mobile firmware & hardware
SA8255P
Mobile applications / Mobile firmware & hardware
SA8650P
Mobile applications / Mobile firmware & hardware
SA8770P
Mobile applications / Mobile firmware & hardware
SA8775P
Mobile applications / Mobile firmware & hardware
SRV1H
Mobile applications / Mobile firmware & hardware
SRV1M
Mobile applications / Mobile firmware & hardware
SA9000P
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Graphics. A local application can perform a denial of service (DoS) attack.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

QAM8255P: All versions

QAM8650P: All versions

QAM8775P: All versions

QAMSRV1H: All versions

QAMSRV1M: All versions

SA8255P: All versions

SA8650P: All versions

SA8770P: All versions

SA8775P: All versions

SA9000P: All versions

SRV1H: All versions

SRV1M: All versions

---

External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.