#VU99675 Reachable Assertion in Qualcomm products - CVE-2024-23385

Vulnerability identifier: #VU99675

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-23385

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
APQ8017
Hardware solutions / Firmware
QCA6174A
Hardware solutions / Firmware
QCA6574AU
Hardware solutions / Firmware
SDM429W
Hardware solutions / Firmware
SDX55
Hardware solutions / Firmware
WSA8832
Hardware solutions / Firmware
APQ8037
Mobile applications / Mobile firmware & hardware
AR8035
Mobile applications / Mobile firmware & hardware
FastConnect 6200
Mobile applications / Mobile firmware & hardware
FastConnect 6700
Mobile applications / Mobile firmware & hardware
FastConnect 6900
Mobile applications / Mobile firmware & hardware
FastConnect 7800
Mobile applications / Mobile firmware & hardware
FSM10055
Mobile applications / Mobile firmware & hardware
FSM10056
Mobile applications / Mobile firmware & hardware
MSM8108
Mobile applications / Mobile firmware & hardware
MSM8209
Mobile applications / Mobile firmware & hardware
MSM8608
Mobile applications / Mobile firmware & hardware
QCA6574A
Mobile applications / Mobile firmware & hardware
QCA6584AU
Mobile applications / Mobile firmware & hardware
QCA6595AU
Mobile applications / Mobile firmware & hardware
QCA6696
Mobile applications / Mobile firmware & hardware
QCA6698AQ
Mobile applications / Mobile firmware & hardware
QCA8081
Mobile applications / Mobile firmware & hardware
QCA8337
Mobile applications / Mobile firmware & hardware
QCC710
Mobile applications / Mobile firmware & hardware
QCM4490
Mobile applications / Mobile firmware & hardware
QCM8550
Mobile applications / Mobile firmware & hardware
QCN6024
Mobile applications / Mobile firmware & hardware
QCN6224
Mobile applications / Mobile firmware & hardware
QCN6274
Mobile applications / Mobile firmware & hardware
QCN9024
Mobile applications / Mobile firmware & hardware
QCS4490
Mobile applications / Mobile firmware & hardware
QCS8550
Mobile applications / Mobile firmware & hardware
QEP8111
Mobile applications / Mobile firmware & hardware
QFW7114
Mobile applications / Mobile firmware & hardware
QFW7124
Mobile applications / Mobile firmware & hardware
Qualcomm 205 Mobile Platform
Mobile applications / Mobile firmware & hardware
SDX57M
Mobile applications / Mobile firmware & hardware
SDX61
Mobile applications / Mobile firmware & hardware
SDX71M
Mobile applications / Mobile firmware & hardware
SG8275P
Mobile applications / Mobile firmware & hardware
SM6370
Mobile applications / Mobile firmware & hardware
SM8550P
Mobile applications / Mobile firmware & hardware
SM8635
Mobile applications / Mobile firmware & hardware
Smart Audio 200 Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 208 Processor
Mobile applications / Mobile firmware & hardware
Snapdragon 210 Processor
Mobile applications / Mobile firmware & hardware
Snapdragon 212 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 4 Gen 1 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 425 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 429 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 430 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 439 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 480 5G Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Mobile applications / Mobile firmware & hardware
Snapdragon 695 5G Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8 Gen 1 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8 Gen 2 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8 Gen 3 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8+ Gen 1 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 8+ Gen 2 Mobile Platform
Mobile applications / Mobile firmware & hardware
Snapdragon Auto 5G Modem-RF Gen 2
Mobile applications / Mobile firmware & hardware
Snapdragon Wear 4100+ Platform
Mobile applications / Mobile firmware & hardware
Snapdragon X35 5G Modem-RF System
Mobile applications / Mobile firmware & hardware
Snapdragon X62 5G Modem-RF System
Mobile applications / Mobile firmware & hardware
Snapdragon X65 5G Modem-RF System
Mobile applications / Mobile firmware & hardware
Snapdragon X70 Modem-RF System
Mobile applications / Mobile firmware & hardware
Snapdragon X72 5G Modem-RF System
Mobile applications / Mobile firmware & hardware
Snapdragon X75 5G Modem-RF System
Mobile applications / Mobile firmware & hardware
WCD9326
Mobile applications / Mobile firmware & hardware
WCD9340
Mobile applications / Mobile firmware & hardware
WCD9360
Mobile applications / Mobile firmware & hardware
WCD9370
Mobile applications / Mobile firmware & hardware
WCD9375
Mobile applications / Mobile firmware & hardware
WCD9380
Mobile applications / Mobile firmware & hardware
WCD9385
Mobile applications / Mobile firmware & hardware
WCD9390
Mobile applications / Mobile firmware & hardware
WCD9395
Mobile applications / Mobile firmware & hardware
WCN3610
Mobile applications / Mobile firmware & hardware
WCN3615
Mobile applications / Mobile firmware & hardware
WCN3620
Mobile applications / Mobile firmware & hardware
WCN3660B
Mobile applications / Mobile firmware & hardware
WCN3680B
Mobile applications / Mobile firmware & hardware
WCN3950
Mobile applications / Mobile firmware & hardware
WCN3980
Mobile applications / Mobile firmware & hardware
WCN3988
Mobile applications / Mobile firmware & hardware
WCN6755
Mobile applications / Mobile firmware & hardware
WSA8810
Mobile applications / Mobile firmware & hardware
WSA8815
Mobile applications / Mobile firmware & hardware
WSA8830
Mobile applications / Mobile firmware & hardware
WSA8835
Mobile applications / Mobile firmware & hardware
WSA8840
Mobile applications / Mobile firmware & hardware
WSA8845
Mobile applications / Mobile firmware & hardware
WSA8845H
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

APQ8017: All versions

APQ8037: All versions

AR8035: All versions

FastConnect 6200: All versions

FastConnect 6700: All versions

FastConnect 6900: All versions

FastConnect 7800: All versions

FSM10055: All versions

FSM10056: All versions

MSM8108: All versions

MSM8209: All versions

MSM8608: All versions

QCA6174A: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584AU: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA6698AQ: All versions

QCA8081: All versions

QCA8337: All versions

QCC710: All versions

QCM4490: All versions

QCM8550: All versions

QCN6024: All versions

QCN6224: All versions

QCN6274: All versions

QCN9024: All versions

QCS4490: All versions

QCS8550: All versions

QEP8111: All versions

QFW7114: All versions

QFW7124: All versions

Qualcomm 205 Mobile Platform: All versions

SDM429W: All versions

SDX55: All versions

SDX57M: All versions

SDX61: All versions

SDX71M: All versions

SG8275P: All versions

SM6370: All versions

SM8550P: All versions

SM8635: All versions

Smart Audio 200 Platform: All versions

Snapdragon 208 Processor: All versions

Snapdragon 210 Processor: All versions

Snapdragon 212 Mobile Platform: All versions

Snapdragon 4 Gen 1 Mobile Platform: All versions

Snapdragon 425 Mobile Platform: All versions

Snapdragon 429 Mobile Platform: All versions

Snapdragon 430 Mobile Platform: All versions

Snapdragon 439 Mobile Platform: All versions

Snapdragon 480 5G Mobile Platform: All versions

Snapdragon 480+ 5G Mobile Platform (SM4350-AC): All versions

Snapdragon 695 5G Mobile Platform: All versions

Snapdragon 8 Gen 1 Mobile Platform: All versions

Snapdragon 8 Gen 2 Mobile Platform: All versions

Snapdragon 8 Gen 3 Mobile Platform: All versions

Snapdragon 8+ Gen 1 Mobile Platform: All versions

Snapdragon 8+ Gen 2 Mobile Platform: All versions

Snapdragon Auto 5G Modem-RF Gen 2: All versions

Snapdragon Wear 4100+ Platform: All versions

Snapdragon X35 5G Modem-RF System: All versions

Snapdragon X62 5G Modem-RF System: All versions

Snapdragon X65 5G Modem-RF System: All versions

Snapdragon X70 Modem-RF System: All versions

Snapdragon X72 5G Modem-RF System: All versions

Snapdragon X75 5G Modem-RF System: All versions

WCD9326: All versions

WCD9340: All versions

WCD9360: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCD9390: All versions

WCD9395: All versions

WCN3610: All versions

WCN3615: All versions

WCN3620: All versions

WCN3660B: All versions

WCN3680B: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN6755: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8832: All versions

WSA8835: All versions

WSA8840: All versions

WSA8845: All versions

WSA8845H: All versions

---

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.