CVE-2024-23358

Q: What is the severity of CVE-2024-23358?

CVE-2024-23358 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm modems allows a transient denial-of-service (DoS) condition when the device receives a registration accept OTA (Over-The-Air) message with incorrect ciphering key data. Attackers can send specially crafted messages to crash or disrupt modem functionality. This affects devices using vulnerable Qualcomm modem chipsets.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm modems allows a transient denial-of-service (DoS) condition when the device receives a registration accept OTA (Over-The-Air) message with incorrect ciphering key data. Attackers can send specially crafted messages to crash or disrupt modem functionality. This affects devices using vulnerable Qualcomm modem chipsets.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific affected versions not publicly detailed in bulletin

Operating Systems: Android and other mobile OS using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware. Exact chipset models not specified in public bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent modem failure requiring device reboot or factory reset, disrupting all cellular connectivity including emergency calls.

🟠

Likely Case

Temporary loss of cellular connectivity (transient DoS) until modem recovers or device reboots.

🟢

If Mitigated

Minimal impact with proper network filtering and updated firmware.

🌐 Internet-Facing: MEDIUM - Attack requires sending specially crafted OTA messages to cellular network, which can be done remotely but requires cellular network access.

🏢 Internal Only: LOW - This is a cellular network vulnerability, not typically exploitable on internal enterprise networks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted OTA messages over cellular network. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to September 2024 Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided modem firmware patches. 3. Reboot device after update.

🔧 Temporary Workarounds

Network filtering

all

Implement network-level filtering of malformed OTA messages

Airplane mode toggle

all

Temporarily disable cellular radio when not needed

🧯 If You Can't Patch

Limit device exposure to untrusted cellular networks
Monitor for unusual modem crashes or connectivity issues

🔍 How to Verify

Check if Vulnerable:

Check device modem firmware version against Qualcomm security bulletin

Check Version:

Device-specific commands vary by manufacturer (e.g., Android: Settings > About Phone > Baseband version)

Verify Fix Applied:

Verify modem firmware has been updated to patched version

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected modem resets
Cellular connectivity loss events

Network Indicators:

Unusual OTA message patterns
Malformed registration accept messages

SIEM Query:

Search for modem crash events or cellular service disruption logs

📊 Metadata

CVE ID: CVE-2024-23358

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

Published: September 2, 2024

Last Updated: October 3, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

205 Mobile Platform Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8037 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Msm8108 Firmware by Qualcomm

Msm8209 Firmware by Qualcomm

Msm8608 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Smart Audio 200 Platform Firmware by Qualcomm

Snapdragon 208 Processor Firmware by Qualcomm

Snapdragon 210 Processor Firmware by Qualcomm

Snapdragon 212 Mobile Platform Firmware by Qualcomm

Snapdragon 425 Mobile Platform Firmware by Qualcomm

Snapdragon 429 Mobile Platform Firmware by Qualcomm

Snapdragon 430 Mobile Platform Firmware by Qualcomm

Snapdragon 439 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

Snapdragon Wear 4100\+ Platform Firmware by Qualcomm

Snapdragon X72 5g Modem Rf System Firmware by Qualcomm

Snapdragon X75 5g Modem Rf System Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3615 Firmware by Qualcomm

Wcn3620 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm