CVE-2024-21455
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-21455 describes a memory corruption vulnerability that occurs when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. Affected products include various models from Qualcomm, such as yHebl1, yNO62y, and wNnrce, among others. This vulnerability has a high severity rating with a CVSS score of 7.8, indicating significant risks to integrity, confidentiality, and availability due to its local attack vector and low privileges required for exploitation. Remediation steps should involve applying any patches or updates released by Qualcomm as detailed in their October 2024 security bulletin. Organizations are advised to address this vulnerability promptly to mitigate the risk of local attacks that could lead to unauthorized access or system compromise.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.