CVE-2024-38410

moderate-risk

Published 2024-11-04

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Wsa8845H Firmware

Wsa8845 Firmware

Wsa8840 Firmware

Wsa8835 Firmware

Wsa8830 Firmware

Wcn3660B Firmware

Wcn3620 Firmware

Wcd9385 Firmware

Wcd9380 Firmware

Wcd9375 Firmware

Wcd9370 Firmware

Snapdragon 8Cx Gen 3 Compute Platform Firmware

Snapdragon 429 Mobile Platform Firmware

Sdm429W Firmware

Sc8380Xp Firmware

Video Collaboration Vc3 Platform Firmware

Qcs6490 Firmware

Qcs5430 Firmware

Qcm6490 Firmware

Qcm5430 Firmware

Qualcomm

Patch https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 21/34 · High