CVE-2024-23352

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to cause a denial of service (DoS) in NAS (Network Access Stratum) implementations by sending specially crafted ODAC criteria in registration accept OTA messages. It affects Qualcomm mobile devices and infrastructure equipment using vulnerable NAS implementations. The attack causes temporary service disruption rather than permanent damage.

💻 Affected Systems

Products:

• Qualcomm mobile platforms
• Qualcomm modem chipsets
• Cellular network infrastructure using Qualcomm components

Versions: Specific versions not publicly disclosed; refer to Qualcomm August 2024 security bulletin

Operating Systems: Android, Embedded RTOS on modem chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices when connected to cellular networks; Wi-Fi only devices not affected.

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

View all CVEs affecting 315 5g Iot Modem Firmware →

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Fastconnect 6200 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6200 Firmware →

Fastconnect 6700 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6700 Firmware →

Fastconnect 6800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6800 Firmware →

Fastconnect 6900 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6900 Firmware →

Fastconnect 7800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 7800 Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6421 Firmware by Qualcomm

View all CVEs affecting Qca6421 Firmware →

Qca6426 Firmware by Qualcomm

View all CVEs affecting Qca6426 Firmware →

Qca6431 Firmware by Qualcomm

View all CVEs affecting Qca6431 Firmware →

Qca6436 Firmware by Qualcomm

View all CVEs affecting Qca6436 Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6584au Firmware by Qualcomm

View all CVEs affecting Qca6584au Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca6698aq Firmware by Qualcomm

View all CVEs affecting Qca6698aq Firmware →

Qca8081 Firmware by Qualcomm

View all CVEs affecting Qca8081 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qcc710 Firmware by Qualcomm

View all CVEs affecting Qcc710 Firmware →

Qcm4490 Firmware by Qualcomm

View all CVEs affecting Qcm4490 Firmware →

Qcm5430 Firmware by Qualcomm

View all CVEs affecting Qcm5430 Firmware →

Qcm6490 Firmware by Qualcomm

View all CVEs affecting Qcm6490 Firmware →

Qcm8550 Firmware by Qualcomm

View all CVEs affecting Qcm8550 Firmware →

Qcn6024 Firmware by Qualcomm

View all CVEs affecting Qcn6024 Firmware →

Qcn6224 Firmware by Qualcomm

View all CVEs affecting Qcn6224 Firmware →

Qcn6274 Firmware by Qualcomm

View all CVEs affecting Qcn6274 Firmware →

Qcn9024 Firmware by Qualcomm

View all CVEs affecting Qcn9024 Firmware →

Qcs4490 Firmware by Qualcomm

View all CVEs affecting Qcs4490 Firmware →

Qcs5430 Firmware by Qualcomm

View all CVEs affecting Qcs5430 Firmware →

Qcs6490 Firmware by Qualcomm

View all CVEs affecting Qcs6490 Firmware →

Qcs8550 Firmware by Qualcomm

View all CVEs affecting Qcs8550 Firmware →

Qep8111 Firmware by Qualcomm

View all CVEs affecting Qep8111 Firmware →

Qfw7114 Firmware by Qualcomm

View all CVEs affecting Qfw7114 Firmware →

Qfw7124 Firmware by Qualcomm

View all CVEs affecting Qfw7124 Firmware →

Sd855 Firmware by Qualcomm

View all CVEs affecting Sd855 Firmware →

Sd865 5g Firmware by Qualcomm

View all CVEs affecting Sd865 5g Firmware →

Sd888 Firmware by Qualcomm

View all CVEs affecting Sd888 Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx57m Firmware by Qualcomm

View all CVEs affecting Sdx57m Firmware →

Sdx71m Firmware by Qualcomm

View all CVEs affecting Sdx71m Firmware →

Sg8275p Firmware by Qualcomm

View all CVEs affecting Sg8275p Firmware →

Sm7250p Firmware by Qualcomm

View all CVEs affecting Sm7250p Firmware →

Sm7315 Firmware by Qualcomm

View all CVEs affecting Sm7315 Firmware →

Sm7325p Firmware by Qualcomm

View all CVEs affecting Sm7325p Firmware →

Sm8550p Firmware by Qualcomm

View all CVEs affecting Sm8550p Firmware →

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 4 Gen 1 Mobile Platform Firmware →

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →

Snapdragon 480\+ 5g Mobile Platform \(sm4350 Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 480\+ 5g Mobile Platform \(sm4350 Ac\) Firmware →

Snapdragon 690 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 690 5g Mobile Platform Firmware →

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 695 5g Mobile Platform Firmware →

Snapdragon 750g 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 750g 5g Mobile Platform Firmware →

Snapdragon 765 5g Mobile Platform \(sm7250 Aa\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 765 5g Mobile Platform \(sm7250 Aa\) Firmware →

Snapdragon 765g 5g Mobile Platform \(sm7250 Ab\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 765g 5g Mobile Platform \(sm7250 Ab\) Firmware →

Snapdragon 768g 5g Mobile Platform \(sm7250 Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 768g 5g Mobile Platform \(sm7250 Ac\) Firmware →

Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 778g 5g Mobile Platform Firmware →

Snapdragon 778g\+ 5g Mobile Platform \(sm7325 Ae\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 778g\+ 5g Mobile Platform \(sm7325 Ae\) Firmware →

Snapdragon 780g 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 780g 5g Mobile Platform Firmware →

Snapdragon 782g Mobile Platform \(sm7325 Af\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 782g Mobile Platform \(sm7325 Af\) Firmware →

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 3 Mobile Platform Firmware →

Snapdragon 855 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 855 Mobile Platform Firmware →

Snapdragon 855\+\/860 Mobile Platform \(sm8150 Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 855\+\/860 Mobile Platform \(sm8150 Ac\) Firmware →

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 865 5g Mobile Platform Firmware →

Snapdragon 865\+ 5g Mobile Platform \(sm8250 Ab\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 865\+ 5g Mobile Platform \(sm8250 Ab\) Firmware →

Snapdragon 870 5g Mobile Platform \(sm8250 Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 870 5g Mobile Platform \(sm8250 Ac\) Firmware →

Snapdragon 888 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 888 5g Mobile Platform Firmware →

Snapdragon 888\+ 5g Mobile Platform \(sm8350 Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 888\+ 5g Mobile Platform \(sm8350 Ac\) Firmware →

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Modem Rf Firmware →

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Modem Rf Gen 2 Firmware →

Snapdragon X35 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X35 5g Modem Rf System Firmware →

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X55 5g Modem Rf System Firmware →

Snapdragon X62 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X62 5g Modem Rf System Firmware →

Snapdragon X65 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →

Snapdragon X70 Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X70 Modem Rf System Firmware →

Snapdragon X72 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X72 5g Modem Rf System Firmware →

Snapdragon X75 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X75 5g Modem Rf System Firmware →

Snapdragon Xr2 5g Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon Xr2 5g Platform Firmware →

Sxr2130 Firmware by Qualcomm

View all CVEs affecting Sxr2130 Firmware →

Video Collaboration Vc3 Platform Firmware by Qualcomm

View all CVEs affecting Video Collaboration Vc3 Platform Firmware →

Wcd9340 Firmware by Qualcomm

View all CVEs affecting Wcd9340 Firmware →

Wcd9341 Firmware by Qualcomm

View all CVEs affecting Wcd9341 Firmware →

Wcd9360 Firmware by Qualcomm

View all CVEs affecting Wcd9360 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcd9390 Firmware by Qualcomm

View all CVEs affecting Wcd9390 Firmware →

Wcd9395 Firmware by Qualcomm

View all CVEs affecting Wcd9395 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn6740 Firmware by Qualcomm

View all CVEs affecting Wcn6740 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8832 Firmware by Qualcomm

View all CVEs affecting Wsa8832 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

Wsa8840 Firmware by Qualcomm

View all CVEs affecting Wsa8840 Firmware →

Wsa8845 Firmware by Qualcomm

View all CVEs affecting Wsa8845 Firmware →

Wsa8845h Firmware by Qualcomm

View all CVEs affecting Wsa8845h Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption for affected mobile devices, preventing voice calls, messaging, and data services until system recovery.

🟠

Likely Case

Temporary service interruption for individual devices or small groups of devices, requiring device reboot or network reconnection.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; service restored automatically after timeout.

🌐 Internet-Facing: MEDIUM - Attack requires proximity to target or ability to send OTA messages to cellular infrastructure.

🏢 Internal Only: LOW - Primarily affects cellular network infrastructure rather than internal enterprise systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires ability to send OTA messages to cellular infrastructure, which typically requires specialized equipment or network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm August 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for affected components. 2. Obtain firmware updates from device manufacturer. 3. Apply updates following manufacturer instructions. 4. Reboot affected devices.

🔧 Temporary Workarounds

Network filtering

all

Implement network filtering to block malformed ODAC criteria at network perimeter

Monitoring and alerting

all

Monitor for unusual registration patterns and implement alerting for potential DoS attempts

🧯 If You Can't Patch

• Implement network segmentation to isolate vulnerable systems
• Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Copy

Check device firmware version against Qualcomm security bulletin; devices with unpatched Qualcomm components are vulnerable

Check Version:

Copy

Device-specific commands vary by manufacturer; typically in Settings > About Phone > Software Information

Verify Fix Applied:

Copy

Verify firmware version has been updated to patched version specified in Qualcomm bulletin

📡 Detection & Monitoring

Log Indicators:

• Unusual registration failures
• Multiple registration attempts with malformed parameters
• NAS layer error messages

Network Indicators:

• Abnormal OTA message patterns
• Registration accept messages with ODAC criteria of length 1 and type 1

SIEM Query:

Copy

Search for NAS registration errors or abnormal cellular network authentication patterns

📊 Metadata

CVE ID: CVE-2024-23352

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-835

Published: August 5, 2024

Last Updated: November 26, 2024

🔗 References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-23352, you might also want to check these:

CVE-2021-42143 9.1

This vulnerability in Contiki-NG tinyDTLS allows remote attackers to cause denial of service and pot...

Same vulnerability type (CWE-835)

CVE-2026-25533 8.8

This vulnerability allows attackers to bypass multiple security layers in Enclave, a JavaScript sand...

Same vulnerability type (CWE-835)

CVE-2023-20083 8.6

A vulnerability in Cisco Firepower Threat Defense (FTD) Software's ICMPv6 inspection with Snort 2 al...

Same vulnerability type (CWE-835)