CVE-2024-23368

Q: What is the severity of CVE-2024-23368?

CVE-2024-23368 has a CVSS score of 7.8 (HIGH). This CVE describes a memory corruption vulnerability in Qualcomm's Shared Memory (SMEM) subsystem that could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects devices using Qualcomm chipsets, potentially including smartphones, IoT devices, and embedded systems. Attackers could exploit this to gain elevated privileges or compromise device integrity.

7.8 HIGH

Buffer Overflow

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm's Shared Memory (SMEM) subsystem that could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects devices using Qualcomm chipsets, potentially including smartphones, IoT devices, and embedded systems. Attackers could exploit this to gain elevated privileges or compromise device integrity.

💻 Affected Systems

Products:

Qualcomm chipsets with SMEM subsystem

Versions: Specific versions not publicly detailed; refer to Qualcomm security bulletin

Operating Systems: Android, Linux-based systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm firmware/software components

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated system privileges

🟢

If Mitigated

Denial of service or system instability if exploitation attempts are blocked

🌐 Internet-Facing: MEDIUM - Requires local access or adjacent network position for exploitation

🏢 Internal Only: HIGH - Could be exploited by malicious insiders or compromised internal devices

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access or adjacent network position; buffer overflow techniques needed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for affected components. 2. Obtain firmware/software updates from device manufacturer. 3. Apply patches following manufacturer instructions. 4. Reboot device to activate fixes.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and network access to vulnerable devices

Implement memory protection

linux

Enable ASLR and other memory protection mechanisms if available

echo 2 > /proc/sys/kernel/randomize_va_space

🧯 If You Can't Patch

Isolate affected devices on separate network segments
Implement strict access controls and monitoring for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check device firmware/software version against Qualcomm security bulletin

Check Version:

cat /proc/version or check device settings for firmware version

Verify Fix Applied:

Verify patched firmware version is installed and device is functioning normally

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Memory access violation errors
Unexpected process crashes

Network Indicators:

Unusual local network traffic to/from affected devices

SIEM Query:

source="kernel" AND ("panic" OR "segfault" OR "memory corruption")

📊 Metadata

CVE ID: CVE-2024-23368

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: July 1, 2024

Last Updated: November 21, 2024

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html Patch,Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8064au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Fsm10055 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Fsm20055 Firmware by Qualcomm

Fsm20056 Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5300 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm