CVE-2024-38404

Q: What is the severity of CVE-2024-38404?

CVE-2024-38404 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm modems allows a transient denial-of-service (DoS) condition when the device receives a registration accept message with incorrect ciphering key data during over-the-air (OTA) updates. Attackers can temporarily disrupt mobile connectivity by sending specially crafted messages. Affects devices using vulnerable Qualcomm modem chipsets.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm modems allows a transient denial-of-service (DoS) condition when the device receives a registration accept message with incorrect ciphering key data during over-the-air (OTA) updates. Attackers can temporarily disrupt mobile connectivity by sending specially crafted messages. Affects devices using vulnerable Qualcomm modem chipsets.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific versions not publicly detailed; refer to Qualcomm advisory for affected chipsets.

Operating Systems: Android and other mobile OS using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in modem firmware, not application processor. Affects devices when connected to cellular networks.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained DoS attacks could render mobile devices temporarily unable to make/receive calls or use data services until reboot or network re-registration.

🟠

Likely Case

Temporary service disruption lasting seconds to minutes, requiring device to re-establish network connection.

🟢

If Mitigated

Minimal impact with proper network filtering and updated firmware; devices automatically recover.

🌐 Internet-Facing: MEDIUM - Attack requires proximity to target or ability to send malicious OTA messages through cellular network.

🏢 Internal Only: LOW - Primarily affects cellular network interfaces, not internal enterprise networks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires ability to send malicious OTA messages via cellular network; no authentication needed but requires proximity or network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer/OEM updates

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Restart Required: No

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply modem firmware patch provided by OEM. 3. No device restart typically required for modem updates.

🔧 Temporary Workarounds

Network filtering

all

Implement network-side filtering of malicious OTA messages at cellular carrier level.

🧯 If You Can't Patch

Monitor for unusual network disconnection patterns
Implement device management policies to ensure cellular connectivity redundancy

🔍 How to Verify

Check if Vulnerable:

Check device modem firmware version against manufacturer's patched versions list.

Check Version:

Device-specific; typically in Settings > About Phone > Baseband Version

Verify Fix Applied:

Verify modem firmware has been updated to version containing Qualcomm's fix.

📡 Detection & Monitoring

Log Indicators:

Unexpected modem resets
Frequent network registration failures
OTA message parsing errors in modem logs

Network Indicators:

Unusual OTA message patterns
Spike in network re-registration requests

SIEM Query:

Search for modem crash logs or repeated network attachment failures within short timeframes

📊 Metadata

CVE ID: CVE-2024-38404

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

EPSS Score: 0.16% exploit probability (37th percentile)

Published: February 3, 2025

Last Updated: February 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sdx80m Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Snapdragon 429 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

Snapdragon Wear 4100\+ Firmware by Qualcomm

Snapdragon X72 5g Modem Rf System Firmware by Qualcomm

Snapdragon X75 5g Modem Rf System Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3620 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm