CVE-2024-23350 — Reachable Assertion in INC Snapdragon

CWE-617 — Reachable Assertion4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 72.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedAug 5

Description

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon25 versions+24

🔴Vulnerability Details

GHSA

GHSA-jfgv-r9x2-7mhr: Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the↗2024-08-05

▶

📋Vendor Advisories

Android

CVE-2024-23350: Closed-source component↗2024-08-01

▶

🕵️Threat Intelligence

Bleepingcomputer

Google fixes Android kernel zero-day exploited in targeted attacks↗2024-08-05

▶