CVE-2024-38402

Q: What is the severity of CVE-2024-38402?

CVE-2024-38402 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to cause memory corruption through a specific IOCTL call for group information retrieval. Successful exploitation could lead to arbitrary code execution or system crashes. Affects systems using vulnerable Qualcomm components, particularly mobile devices and embedded systems.

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to cause memory corruption through a specific IOCTL call for group information retrieval. Successful exploitation could lead to arbitrary code execution or system crashes. Affects systems using vulnerable Qualcomm components, particularly mobile devices and embedded systems.

💻 Affected Systems

Products:

Qualcomm chipsets and components

Versions: Specific versions not detailed in public advisory; refer to Qualcomm September 2024 bulletin

Operating Systems: Android, Linux-based systems using Qualcomm drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm hardware and vulnerable driver implementations. Exact product list requires checking Qualcomm's advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level privileges leading to complete device control, data theft, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on already compromised devices.

🟢

If Mitigated

System crash or denial of service if memory corruption cannot be reliably controlled for code execution.

🌐 Internet-Facing: LOW - Requires local access or existing foothold on device.

🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through lateral movement from compromised endpoints.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to make IOCTL calls. Memory corruption vulnerabilities can be challenging to weaponize reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm September 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset/component versions. 2. Obtain updated firmware/drivers from device manufacturer. 3. Apply patches following manufacturer's instructions. 4. Reboot device to load patched components.

🔧 Temporary Workarounds

Restrict IOCTL access

linux

Limit access to vulnerable IOCTL interfaces through SELinux/AppArmor policies or kernel module restrictions

# Example SELinux policy to restrict ioctl access
# require device-specific policy configuration

🧯 If You Can't Patch

Implement strict application sandboxing to limit potential damage from exploitation
Monitor for unusual IOCTL calls or memory corruption events in system logs

🔍 How to Verify

Check if Vulnerable:

Check device firmware/chipset version against Qualcomm's advisory. Use 'getprop ro.bootloader' or similar on Android devices.

Check Version:

adb shell getprop ro.bootloader (Android) or uname -a (Linux kernel)

Verify Fix Applied:

Verify updated firmware version matches patched versions in Qualcomm bulletin. Check kernel/driver version strings.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
IOCTL access violations in audit logs
Memory corruption warnings in dmesg

Network Indicators:

Not network exploitable - local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "corruption" OR "ioctl")

📊 Metadata

CVE ID: CVE-2024-38402

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: September 2, 2024

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Robotics Rb5 Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm