CVE-2024-38404

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 3, 2025

Updated: Feb 5, 2025

CWE ID 125

CWE ID 126

Summary

CVE-2024-38404 is a transient Denial of Service (DoS) vulnerability affecting modems. The issue arises when the registration acceptance Over-the-Air (OTA) process receives incorrect ciphering key data in the IE (Information Element) of the packet. This error results in a DoS condition, causing the modem to become unresponsive and unable to process legitimate requests, leading to a disruption in network services.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Snapdragon MDM

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wfmNb-
https://www.cve.org/CVERecord?id=CVE-2024-38404
https://nvd.nist.gov/vuln/detail/CVE-2024-38404

Back to Vulnerability Database

CVE-2024-38404

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations