NVD Vulnerability Detail

CVE-2024-38425

Summary	Information disclosure while sending implicit broadcast containing APP launch information.
Publication Date	Oct. 7, 2024, 10:15 p.m.
Registration Date	Oct. 8, 2024, 5 a.m.
Last Update	Oct. 17, 2024, 2:34 a.m.

CVSS3.1 : MEDIUM
スコア	6.1
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	低
可用性への影響(A)	なし

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:wsa8835:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:wsa8830:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:wcd9380:-:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_8\+_gen_2_mobile_platform:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_8\+_gen_1_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_8\+_gen_1_mobile_platform:-:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_8_gen_3_mobile_platform:-:::::::*

Configuration7		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:::::::*

Configuration8		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_8_gen_1_mobile_platform:-:::::::*

Configuration9		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_7\+_gen_2_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_7\+_gen_2_mobile_platform:-:::::::*

Configuration10		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_7_gen_1_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_7_gen_1_mobile_platform:-:::::::*

Configuration11		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_695_5g_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_695_5g_mobile_platform:-:::::::*

Configuration12		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_685_4g_mobile_platform_\(sm6225-ad\):-:::::::*

Configuration13		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_680_4g_mobile_platform:-:::::::*

Configuration14		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:::::::*

Configuration15		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_6_gen_1_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_6_gen_1_mobile_platform:-:::::::*

Configuration16		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\):-:::::::*

Configuration17		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_480_5g_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_480_5g_mobile_platform:-:::::::*

Configuration18		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_4_gen_2_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_4_gen_2_mobile_platform:-:::::::*

Configuration19		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:snapdragon_4_gen_1_mobile_platform_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:snapdragon_4_gen_1_mobile_platform:-:::::::*

Configuration20		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:sm8750_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:sm8750:-:::::::*

Configuration21		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:sm8635_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:sm8635:-:::::::*

Configuration22		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:sm7435_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:sm7435:-:::::::*

Configuration23		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:fastconnect_7800:-:::::::*

Configuration24		or higher	or less	more than	less than
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:::::::*
execution environment
1	cpe:2.3:h:qualcomm:fastconnect_6900:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html		Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-863	不正な認証	https://cwe.mitre.org/data/definitions/863.html

JVN Vulnerability Information

複数のクアルコム製品における不正な認証に関する脆弱性

Title	複数のクアルコム製品における不正な認証に関する脆弱性
Summary	WSA8835 ファームウェア、WSA8830 ファームウェア、WCD9380 ファームウェア等複数のクアルコム製品には、不正な認証に関する脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 7, 2024, midnight
Registration Date	Oct. 17, 2024, 4:12 p.m.
Last Update	Oct. 17, 2024, 4:12 p.m.

Affected System

クアルコム

sm8750 ファームウェア

snapdragon 4 gen 1 mobile platform ファームウェア

snapdragon 4 gen 2 mobile platform ファームウェア

snapdragon 480 5g mobile platform ファームウェア

snapdragon 480+ 5g mobile platform (sm4350-ac) ファームウェア

snapdragon 6 gen 1 mobile platform ファームウェア

snapdragon 662 mobile platform ファームウェア

snapdragon 680 4g mobile platform ファームウェア

snapdragon 685 4g mobile platform (sm6225-ad) ファームウェア

snapdragon 695 5g mobile platform ファームウェア

snapdragon 7 gen 1 mobile platform ファームウェア

snapdragon 7+ gen 2 mobile platform ファームウェア

snapdragon 8 gen 1 mobile platform ファームウェア

snapdragon 8 gen 2 mobile platform ファームウェア

snapdragon 8 gen 3 mobile platform ファームウェア

snapdragon 8+ gen 1 mobile platform ファームウェア

snapdragon 8+ gen 2 mobile platform ファームウェア

WCD9380 ファームウェア

WSA8830 ファームウェア

WSA8835 ファームウェア

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-38425	https://www.cve.org/CVERecord?id=CVE-2024-38425
National Vulnerability Database (NVD)
2	CVE-2024-38425	https://nvd.nist.gov/vuln/detail/CVE-2024-38425

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-285	https://cwe.mitre.org/data/definitions/285.html
2	CWE-863	https://cwe.mitre.org/data/definitions/863.html

その他

No	Name	URL
関連文書
1	docs.qualcomm.com (october-2024-bulletin)	https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Change Log

No	Changed Details	Date of change
1	[2024年10月17日] 掲載	Oct. 17, 2024, 4:12 p.m.