CVE-2024-23385

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in mobile devices by sending specially crafted MAC RAR messages with invalid PDU lengths, triggering a modem reset. It affects mobile devices using Qualcomm modems, potentially impacting cellular connectivity and device functionality.

💻 Affected Systems

Products:

• Qualcomm modem chipsets

Versions: Specific versions not publicly detailed in advisory

Operating Systems: Android and other mobile OS using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware; exact chipset models not specified in public advisory.

📦 What is this software?

205 Mobile Platform Firmware by Qualcomm

View all CVEs affecting 205 Mobile Platform Firmware →

Apq8017 Firmware by Qualcomm

View all CVEs affecting Apq8017 Firmware →

Apq8037 Firmware by Qualcomm

View all CVEs affecting Apq8037 Firmware →

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Fastconnect 6200 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6200 Firmware →

Fastconnect 6700 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6700 Firmware →

Fastconnect 6900 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6900 Firmware →

Fastconnect 7800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 7800 Firmware →

Fsm10055 Firmware by Qualcomm

View all CVEs affecting Fsm10055 Firmware →

Fsm10056 Firmware by Qualcomm

View all CVEs affecting Fsm10056 Firmware →

Msm8108 Firmware by Qualcomm

View all CVEs affecting Msm8108 Firmware →

Msm8209 Firmware by Qualcomm

View all CVEs affecting Msm8209 Firmware →

Msm8608 Firmware by Qualcomm

View all CVEs affecting Msm8608 Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6584au Firmware by Qualcomm

View all CVEs affecting Qca6584au Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca6698aq Firmware by Qualcomm

View all CVEs affecting Qca6698aq Firmware →

Qca8081 Firmware by Qualcomm

View all CVEs affecting Qca8081 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qcc710 Firmware by Qualcomm

View all CVEs affecting Qcc710 Firmware →

Qcm4490 Firmware by Qualcomm

View all CVEs affecting Qcm4490 Firmware →

Qcm8550 Firmware by Qualcomm

View all CVEs affecting Qcm8550 Firmware →

Qcn6024 Firmware by Qualcomm

View all CVEs affecting Qcn6024 Firmware →

Qcn6224 Firmware by Qualcomm

View all CVEs affecting Qcn6224 Firmware →

Qcn6274 Firmware by Qualcomm

View all CVEs affecting Qcn6274 Firmware →

Qcn9024 Firmware by Qualcomm

View all CVEs affecting Qcn9024 Firmware →

Qcs4490 Firmware by Qualcomm

View all CVEs affecting Qcs4490 Firmware →

Qcs8550 Firmware by Qualcomm

View all CVEs affecting Qcs8550 Firmware →

Qep8111 Firmware by Qualcomm

View all CVEs affecting Qep8111 Firmware →

Qfw7114 Firmware by Qualcomm

View all CVEs affecting Qfw7114 Firmware →

Qfw7124 Firmware by Qualcomm

View all CVEs affecting Qfw7124 Firmware →

Sdm429w Firmware by Qualcomm

View all CVEs affecting Sdm429w Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx57m Firmware by Qualcomm

View all CVEs affecting Sdx57m Firmware →

Sdx61 Firmware by Qualcomm

View all CVEs affecting Sdx61 Firmware →

Sdx71m Firmware by Qualcomm

View all CVEs affecting Sdx71m Firmware →

Sg8275p Firmware by Qualcomm

View all CVEs affecting Sg8275p Firmware →

Sm6370 Firmware by Qualcomm

View all CVEs affecting Sm6370 Firmware →

Sm8550p Firmware by Qualcomm

View all CVEs affecting Sm8550p Firmware →

Sm8635 Firmware by Qualcomm

View all CVEs affecting Sm8635 Firmware →

Smart Audio 200 Platform Firmware by Qualcomm

View all CVEs affecting Smart Audio 200 Platform Firmware →

Snapdragon 208 Processor Firmware by Qualcomm

View all CVEs affecting Snapdragon 208 Processor Firmware →

Snapdragon 210 Processor Firmware by Qualcomm

View all CVEs affecting Snapdragon 210 Processor Firmware →

Snapdragon 212 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 212 Mobile Platform Firmware →

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 4 Gen 1 Mobile Platform Firmware →

Snapdragon 425 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 425 Mobile Platform Firmware →

Snapdragon 429 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 429 Mobile Platform Firmware →

Snapdragon 430 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 430 Mobile Platform Firmware →

Snapdragon 439 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 439 Mobile Platform Firmware →

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 695 5g Mobile Platform Firmware →

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 3 Mobile Platform Firmware →

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Modem Rf Gen 2 Firmware →

Snapdragon Wear 4100\+ Platform Firmware by Qualcomm

View all CVEs affecting Snapdragon Wear 4100\+ Platform Firmware →

Snapdragon X35 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X35 5g Modem Rf System Firmware →

Snapdragon X62 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X62 5g Modem Rf System Firmware →

Snapdragon X65 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →

Snapdragon X70 Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X70 Modem Rf System Firmware →

Snapdragon X72 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X72 5g Modem Rf System Firmware →

Snapdragon X75 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X75 5g Modem Rf System Firmware →

Wcd9326 Firmware by Qualcomm

View all CVEs affecting Wcd9326 Firmware →

Wcd9340 Firmware by Qualcomm

View all CVEs affecting Wcd9340 Firmware →

Wcd9360 Firmware by Qualcomm

View all CVEs affecting Wcd9360 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcd9390 Firmware by Qualcomm

View all CVEs affecting Wcd9390 Firmware →

Wcd9395 Firmware by Qualcomm

View all CVEs affecting Wcd9395 Firmware →

Wcn3610 Firmware by Qualcomm

View all CVEs affecting Wcn3610 Firmware →

Wcn3615 Firmware by Qualcomm

View all CVEs affecting Wcn3615 Firmware →

Wcn3620 Firmware by Qualcomm

View all CVEs affecting Wcn3620 Firmware →

Wcn3660b Firmware by Qualcomm

View all CVEs affecting Wcn3660b Firmware →

Wcn3680b Firmware by Qualcomm

View all CVEs affecting Wcn3680b Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3980 Firmware by Qualcomm

View all CVEs affecting Wcn3980 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn6755 Firmware by Qualcomm

View all CVEs affecting Wcn6755 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8832 Firmware by Qualcomm

View all CVEs affecting Wsa8832 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

Wsa8840 Firmware by Qualcomm

View all CVEs affecting Wsa8840 Firmware →

Wsa8845 Firmware by Qualcomm

View all CVEs affecting Wsa8845 Firmware →

Wsa8845h Firmware by Qualcomm

View all CVEs affecting Wsa8845h Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent DoS attacks could render mobile devices temporarily unusable for cellular services, disrupting voice calls, messaging, and data connectivity until manual reboot.

🟠

Likely Case

Temporary service disruption causing dropped calls, failed data connections, or brief loss of cellular connectivity until modem automatically recovers.

🟢

If Mitigated

Minimal impact with proper network filtering and updated firmware preventing malicious packets from reaching vulnerable devices.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires ability to send crafted cellular network packets to target device; likely requires proximity or network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm November 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm modem firmware updates from device OEM. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Network filtering

all

Implement network-level filtering to block malicious MAC RAR packets with invalid PDU lengths

🧯 If You Can't Patch

• Implement network monitoring for abnormal MAC RAR traffic patterns
• Restrict physical and network access to cellular interfaces where possible

🔍 How to Verify

Check if Vulnerable:

Copy

Check device modem firmware version against Qualcomm security bulletin; contact device manufacturer for vulnerability status

Check Version:

Copy

Device-specific commands vary by manufacturer; typically in Settings > About Phone > Baseband Version

Verify Fix Applied:

Copy

Verify modem firmware has been updated to version containing November 2024 Qualcomm security patches

📡 Detection & Monitoring

Log Indicators:

• Unexpected modem resets
• MAC RAR processing errors in modem logs
• Abnormal cellular disconnection events

Network Indicators:

• Spike in MAC RAR messages with unusual PDU lengths
• Abnormal cellular signaling patterns

SIEM Query:

Copy

Not applicable - requires specialized cellular network monitoring

📊 Metadata

CVE ID: CVE-2024-23385

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-617

Published: November 4, 2024

Last Updated: November 7, 2024

🔗 References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html Patch,Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-23385, you might also want to check these:

CVE-2023-37015 8.6

This vulnerability allows remote attackers to cause denial of service by sending malformed ASN.1 pac...

Same vulnerability type (CWE-617)

CVE-2023-37016 8.6

CVE-2023-37016 is a remotely triggerable assertion vulnerability in Open5GS MME that allows denial o...

Same vulnerability type (CWE-617)

CVE-2023-37017 8.6

Open5GS MME versions up to 2.6.4 contain a remotely triggerable assertion via malformed ASN.1 packet...

Same vulnerability type (CWE-617)