CVE-2024-23366

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23366
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8650p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:qam8775p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qam8775p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sa8650p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8650p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:qualcomm:sa8775p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8775p:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-01-06 11:15

Updated : 2025-01-10 17:20

NVD link : CVE-2024-23366

Mitre link : CVE-2024-23366

CVE.ORG link : CVE-2024-23366

JSON object : View

Products Affected

qualcomm

  • qam8255p_firmware
  • qamsrv1h_firmware
  • sa9000p
  • qca6698aq_firmware
  • sa8770p_firmware
  • sa8650p_firmware
  • sa8295p_firmware
  • sa8775p
  • qam8650p_firmware
  • sa8255p
  • qam8295p
  • qam8255p
  • qca6698aq
  • qca6595au_firmware
  • sa8540p_firmware
  • qca6595_firmware
  • qam8775p
  • sa8540p
  • qca6595au
  • sa9000p_firmware
  • sa8650p
  • qam8650p
  • sa8770p
  • qca6595
  • qca6696
  • sa8255p_firmware
  • srv1h
  • sa8775p_firmware
  • sa8295p
  • srv1h_firmware
  • qamsrv1h
  • qam8295p_firmware
  • qam8775p_firmware
  • qca6696_firmware
CWE
CWE-126

Buffer Over-read

CWE-125

Out-of-bounds Read