CVE-2024-21480

Q: What is the severity of CVE-2024-21480?

CVE-2024-21480 has a CVSS score of 7.3 (HIGH). This vulnerability allows memory corruption when processing audio files with large input buffers, potentially leading to arbitrary code execution. It affects Qualcomm audio processing components across multiple device platforms. Attackers could exploit this by crafting malicious audio files.

7.3 HIGH

Buffer Overflow

📋 TL;DR

This vulnerability allows memory corruption when processing audio files with large input buffers, potentially leading to arbitrary code execution. It affects Qualcomm audio processing components across multiple device platforms. Attackers could exploit this by crafting malicious audio files.

💻 Affected Systems

Products:

Qualcomm audio processing components
Devices with Qualcomm chipsets

Versions: Multiple Qualcomm chipset versions prior to May 2024 patches

Operating Systems: Android, Linux-based systems with Qualcomm drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm audio processing libraries

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise

🟠

Likely Case

Application crash or denial of service affecting audio functionality

🟢

If Mitigated

Contained crash within audio service without privilege escalation

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious audio file

🏢 Internal Only: LOW - Typically requires local access or specific app integration

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user to open malicious audio file; exploitation depends on memory layout

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Qualcomm security updates from May 2024

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates. 2. Apply Qualcomm May 2024 security patches. 3. Reboot device after update.

🔧 Temporary Workarounds

Restrict audio file sources

all

Only allow audio files from trusted sources

Disable unnecessary audio processing

linux

Reduce attack surface by disabling unused audio features

🧯 If You Can't Patch

Implement application sandboxing to contain potential exploitation
Use security monitoring to detect abnormal audio processing behavior

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset version and compare with May 2024 security bulletin

Check Version:

On Android: adb shell getprop ro.boot.qcom.version

Verify Fix Applied:

Verify Qualcomm security patch level includes May 2024 updates

📡 Detection & Monitoring

Log Indicators:

Audio service crashes
Memory corruption errors in system logs

Network Indicators:

Unusual audio file downloads from untrusted sources

SIEM Query:

process:audio* AND (event:crash OR event:memory_corruption)

📊 Metadata

CVE ID: CVE-2024-21480

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-120

Published: May 6, 2024

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8530p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 680 4g Mobile Firmware by Qualcomm

Snapdragon 685 4g Mobile Firmware by Qualcomm

Snapdragon 695 5g Mobile Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm