CVE-2024-38402
published 2024-09-02CVE-2024-38402: Memory corruption while processing IOCTL call for getting group info.
PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.16%
5.6th percentile
Memory corruption while processing IOCTL call for getting group info.
Affected
169 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Project0
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - Project Zero
project_zero·2024-12-01
CVE-2024-21455 The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - Project Zero
Posted by Seth Jenkins, Google Project Zero
This blog post provides a technical analysis of exploit artifacts provided to us by Google's Threat Analysis Group (TAG) from Amnesty International. Amnesty’s report on these exploits is available here. Thanks to both Amnesty International and Google's Threat Analysis Group for providing the artifacts and collaborating on the subsequent technical analysis!
## Introduction
Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered,
GHSA
GHSA-f939-g2jm-g6pg: Memory corruption while processing IOCTL call for getting group info
ghsa_unreviewed·2024-09-02
CVE-2024-38402 [HIGH] CWE-416 GHSA-f939-g2jm-g6pg: Memory corruption while processing IOCTL call for getting group info
Memory corruption while processing IOCTL call for getting group info.
Android
CVE-2024-38402: Kernel
vendor_android·2024-11-01·CVSS 7.8
CVE-2024-38402 [HIGH] CVE-2024-38402: Kernel
Android Security Bulletin 2024-11-01
CVE: CVE-2024-38402
Severity: HIGH
Component: Kernel
References: A-364017423
QC-CR#3890158
No detection rules found.
No public exploits indexed.
2024-09-02
Published