CVE-2024-21469

Q: What is the severity of CVE-2024-21469?

CVE-2024-21469 has a CVSS score of 7.3 (HIGH). This vulnerability involves memory corruption when an invoke call and a TEE (Trusted Execution Environment) call target the same trusted application simultaneously. It affects devices with Qualcomm chipsets that utilize TEE functionality, potentially allowing attackers to execute arbitrary code or cause denial of service.

7.3 HIGH

📋 TL;DR

This vulnerability involves memory corruption when an invoke call and a TEE (Trusted Execution Environment) call target the same trusted application simultaneously. It affects devices with Qualcomm chipsets that utilize TEE functionality, potentially allowing attackers to execute arbitrary code or cause denial of service.

💻 Affected Systems

Products:

Qualcomm chipsets with TEE support

Versions: Specific versions not detailed in provided references; refer to Qualcomm July 2024 bulletin for exact affected chipsets.

Operating Systems: Android, Linux-based systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires TEE functionality to be enabled and used; devices without TEE usage may not be affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges, leading to complete device compromise, data theft, or persistent malware installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions, access sensitive data, or disrupt trusted application functionality.

🟢

If Mitigated

Limited impact with proper isolation controls, potentially causing only application crashes or denial of service to specific trusted applications.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access and knowledge of TEE operations; no public exploits known as of July 2024.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm July 2024 security bulletin for specific chipset firmware updates.

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm bulletin for affected chipset list. 2. Contact device manufacturer for firmware updates. 3. Apply firmware patches provided by manufacturer. 4. Reboot device after update.

🔧 Temporary Workarounds

Disable TEE functionality

all

Disables Trusted Execution Environment features to prevent exploitation, but may break security-dependent applications.

Not applicable - requires firmware/OS configuration changes

Restrict TEE access

all

Limit which applications can make TEE calls through security policies.

Not applicable - requires security policy configuration

🧯 If You Can't Patch

Isolate affected devices from untrusted networks and users.
Implement strict access controls and monitoring for TEE-related operations.

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's July 2024 security bulletin.

Check Version:

Android: 'getprop ro.bootloader' or 'getprop ro.build.fingerprint'; Linux: Check /proc/cpuinfo for chipset info

Verify Fix Applied:

Verify firmware version has been updated to a version listed as patched in Qualcomm bulletin.

📡 Detection & Monitoring

Log Indicators:

Unexpected TEE invocation failures
Memory corruption errors in kernel logs
Trusted application crashes

Network Indicators:

Not typically network-exploitable; focus on local system indicators

SIEM Query:

source="kernel" AND ("TEE" OR "trustzone") AND ("corruption" OR "panic" OR "oops")

📊 Metadata

CVE ID: CVE-2024-21469

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CWE: CWE-264

Published: July 1, 2024

Last Updated: November 21, 2024

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

9205 Lte Modem Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn7606 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8155 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm