CVE-2024-21474

moderate-risk

Published 2024-05-06

Memory corruption when size of buffer from previous call is used without validation or re-initialization.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Ar8035 Firmware

Fastconnect 6900 Firmware

Fastconnect 7800 Firmware

Qam8295P Firmware

Qca6574Au Firmware

Qca6595 Firmware

Qca6696 Firmware

Qca6698Aq Firmware

Qca8081 Firmware

Qca8337 Firmware

Sa8295P Firmware

Sa8530P Firmware

Sa8540P Firmware

Sa9000P Firmware

Sc8380Xp Firmware

Sc8280Xp-Abbb Firmware

Snapdragon X65 5G Modem-Rf Firmware

Wcd9380 Firmware

Wcd9385 Firmware

Wsa8830 Firmware

Qualcomm

Vendor Advisory https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bull...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 21/34 · High