CVE-2024-23365

Q: What is the severity of CVE-2024-23365?

CVE-2024-23365 has a CVSS score of 8.4 (HIGH). CVE-2024-23365 is a use-after-free vulnerability in Qualcomm's MinkSocket component that allows memory corruption when releasing shared resources. Successful exploitation could lead to arbitrary code execution or denial of service. This affects devices using vulnerable Qualcomm chipsets across mobile, automotive, and IoT platforms.

8.4 HIGH

Remote Code Execution Denial of Service

📋 TL;DR

CVE-2024-23365 is a use-after-free vulnerability in Qualcomm's MinkSocket component that allows memory corruption when releasing shared resources. Successful exploitation could lead to arbitrary code execution or denial of service. This affects devices using vulnerable Qualcomm chipsets across mobile, automotive, and IoT platforms.

💻 Affected Systems

Products:

Qualcomm chipsets with MinkSocket component

Versions: Specific versions not publicly detailed in advisory

Operating Systems: Android, Linux-based automotive/embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm chipsets; exact models require checking vendor-specific advisories.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing device crashes or instability, potentially requiring physical reset.

🟢

If Mitigated

Limited impact with proper network segmentation and exploit mitigations, possibly resulting in service disruption only.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Memory corruption vulnerabilities in network-facing components are often targeted; no public exploits known as of advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to September 2024 Qualcomm security bulletin for chipset-specific patches

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Obtain firmware updates from device manufacturer. 3. Apply patches following manufacturer instructions. 4. Reboot device to activate fixes.

🔧 Temporary Workarounds

Network segmentation

all

Isolate affected devices from untrusted networks to reduce attack surface

Disable unnecessary services

linux

Turn off MinkSocket or related services if not required for functionality

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor for abnormal device behavior or crashes indicating exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's advisory

Check Version:

Device-specific commands vary by manufacturer; typically 'cat /proc/version' or manufacturer-specific diagnostic tools

Verify Fix Applied:

Verify firmware version has been updated to patched release from manufacturer

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
MinkSocket service crashes
Memory allocation failures

Network Indicators:

Unexpected connections to MinkSocket ports
Malformed packets targeting vulnerable component

SIEM Query:

Device logs containing 'panic', 'segfault', or 'MinkSocket' errors within short timeframes

📊 Metadata

CVE ID: CVE-2024-23365

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: September 2, 2024

Last Updated: October 3, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8530p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Snapdragon 429 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

Srv1h Firmware by Qualcomm

Srv1m Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3620 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm