Vulnerability identifier: #VU98080
Vulnerability risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
FastConnect 6900
Mobile applications /
Mobile firmware & hardware
FastConnect 7800
Mobile applications /
Mobile firmware & hardware
SM7435
Mobile applications /
Mobile firmware & hardware
SM8635
Mobile applications /
Mobile firmware & hardware
SM8750
Mobile applications /
Mobile firmware & hardware
Snapdragon 4 Gen 1 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 4 Gen 2 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 480 5G Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Mobile applications /
Mobile firmware & hardware
Snapdragon 6 Gen 1 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 662 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 680 4G Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 685 4G Mobile Platform (SM6225-AD)
Mobile applications /
Mobile firmware & hardware
Snapdragon 695 5G Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 7 Gen 1 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 7+ Gen 2 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 8 Gen 1 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 8 Gen 2 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 8 Gen 3 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 8+ Gen 1 Mobile Platform
Mobile applications /
Mobile firmware & hardware
Snapdragon 8+ Gen 2 Mobile Platform
Mobile applications /
Mobile firmware & hardware
WCD9380
Mobile applications /
Mobile firmware & hardware
WSA8830
Mobile applications /
Mobile firmware & hardware
WSA8835
Mobile applications /
Mobile firmware & hardware
Vendor: Qualcomm
Description
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Performance. A local application can read and manipulate data.
Mitigation
Install security update from vendor's website.
Vulnerable software versions
FastConnect 6900: All versions
FastConnect 7800: All versions
SM7435: All versions
SM8635: All versions
SM8750: All versions
Snapdragon 4 Gen 1 Mobile Platform: All versions
Snapdragon 4 Gen 2 Mobile Platform: All versions
Snapdragon 480 5G Mobile Platform: All versions
Snapdragon 480+ 5G Mobile Platform (SM4350-AC): All versions
Snapdragon 6 Gen 1 Mobile Platform: All versions
Snapdragon 662 Mobile Platform: All versions
Snapdragon 680 4G Mobile Platform: All versions
Snapdragon 685 4G Mobile Platform (SM6225-AD): All versions
Snapdragon 695 5G Mobile Platform: All versions
Snapdragon 7 Gen 1 Mobile Platform: All versions
Snapdragon 7+ Gen 2 Mobile Platform: All versions
Snapdragon 8 Gen 1 Mobile Platform: All versions
Snapdragon 8 Gen 2 Mobile Platform: All versions
Snapdragon 8 Gen 3 Mobile Platform: All versions
Snapdragon 8+ Gen 1 Mobile Platform: All versions
Snapdragon 8+ Gen 2 Mobile Platform: All versions
WCD9380: All versions
WSA8830: All versions
WSA8835: All versions
External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.