CVE-2023-24855
published 2023-10-03CVE-2023-24855: Memory corruption in Modem while processing security related configuration before AS Security Exchange.
PriorityP346critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.54%
41.2th percentile
Memory corruption in Modem while processing security related configuration before AS Security Exchange.
Affected
64 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r633-28cw-p576: Memory corruption in Modem while processing security related configuration before AS Security Exchange
ghsa_unreviewed·2023-10-03
CVE-2023-24855 [CRITICAL] CWE-787 GHSA-r633-28cw-p576: Memory corruption in Modem while processing security related configuration before AS Security Exchange
Memory corruption in Modem while processing security related configuration before AS Security Exchange.
Android
CVE-2023-24855: Closed-source component
vendor_android·2023-10-01·CVSS 9.8
CVE-2023-24855 [CRITICAL] CVE-2023-24855: Closed-source component
Android Security Bulletin 2023-10-01
CVE: CVE-2023-24855
Severity: CRITICAL
Component: Closed-source component
References: A-276750662
*
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
blogs_bleepingcomputer·2023-10-03·CVSS 8.4
CVE-2022-22071 [HIGH] Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
## Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
## Bill Toulas
The CVE-2022-22071 flaw was disclosed in May 2022 and is a high-severity (CVSS v3.1: 8.4) locally exploitable use after free bug impacting popular chips like the SD855, SD865 5G, and SD888 5G
Qualcomm has not released any details on the actively exploited CVE-2023-33106, CVE-2022-22071, and CVE-2023-33063 flaws and will provide more information in its December 2023 bulletin.
This month's security bulletin also warns of three other critical vulnerabilities:
CVE-2023-24855 : Memory corruption in Qualcomm’s Modem component occurring when processing security-related configurations before the AS Security Exchange. (CVSS v3.1: 9.8)
CVE-2023-28540 : Cryptographic issue in the Data Modem component arising fro
Bugzilla
CVE-2024-24855 kernel: Race condition in lpfc_unregister_fcf_rescan() in scsi/lpfc/lpfc_hbadisc.c
bugzilla·2024-02-06·CVSS 4.7
CVE-2024-24855 [MEDIUM] CVE-2024-24855 kernel: Race condition in lpfc_unregister_fcf_rescan() in scsi/lpfc/lpfc_hbadisc.c
CVE-2024-24855 kernel: Race condition in lpfc_unregister_fcf_rescan() in scsi/lpfc/lpfc_hbadisc.c
A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
References:
https://bugzilla.openanolis.cn/show_bug.cgi?id=8149
Discussion:
No info available from reference (private bug). Fixing commit might be:
https://lkml.org/lkml/2023/8/3/683
https://github.com/torvalds/linux/commit/0e881c0a4b6146b7e856735226208f48251facd8
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2262985]
2023-10-03
Published