CVE-2024-38415
📋 TL;DR
This CVE describes a use-after-free vulnerability (CWE-416) in Qualcomm firmware that occurs when handling session errors. An attacker could exploit this memory corruption to execute arbitrary code or cause denial of service. The vulnerability affects devices with Qualcomm chipsets, particularly mobile devices and IoT products.
💻 Affected Systems
- Qualcomm chipsets and associated firmware
📦 What is this software?
Flight Rb5 5g Platform Firmware by Qualcomm
Smart Audio 400 Platform Firmware by Qualcomm
Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 4 Gen 1 Mobile Platform Firmware →
Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 4 Gen 2 Mobile Platform Firmware →
Snapdragon 439 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 439 Mobile Platform Firmware →
Snapdragon 460 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 460 Mobile Platform Firmware →
Snapdragon 480 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →
Snapdragon 480 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →
Snapdragon 660 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 660 Mobile Platform Firmware →
Snapdragon 662 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 662 Mobile Platform Firmware →
Snapdragon 670 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 670 Mobile Platform Firmware →
Snapdragon 680 4g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 680 4g Mobile Platform Firmware →
Snapdragon 685 4g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 685 4g Mobile Platform Firmware →
Snapdragon 690 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 690 5g Mobile Platform Firmware →
Snapdragon 695 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 695 5g Mobile Platform Firmware →
Snapdragon 710 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 710 Mobile Platform Firmware →
Snapdragon 750g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 750g 5g Mobile Platform Firmware →
Snapdragon 765 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 765 5g Mobile Platform Firmware →
Snapdragon 765g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 765g 5g Mobile Platform Firmware →
Snapdragon 768g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 768g 5g Mobile Platform Firmware →
Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 778g 5g Mobile Platform Firmware →
Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 778g 5g Mobile Platform Firmware →
Snapdragon 780g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 780g 5g Mobile Platform Firmware →
Snapdragon 782g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 782g Mobile Platform Firmware →
Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm
View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →
Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →
Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 3 Mobile Platform Firmware →
Snapdragon 865 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 865 5g Mobile Platform Firmware →
Snapdragon 865 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 865 5g Mobile Platform Firmware →
Snapdragon 870 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 870 5g Mobile Platform Firmware →
Snapdragon 888 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 888 5g Mobile Platform Firmware →
Snapdragon 888 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 888 5g Mobile Platform Firmware →
Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Ar2 Gen 1 Platform Firmware →
Snapdragon Auto 5g Modem Rf Firmware by Qualcomm
View all CVEs affecting Snapdragon Auto 5g Modem Rf Firmware →
Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon W5\+ Gen 1 Wearable Platform Firmware →
Snapdragon X12 Lte Modem Firmware by Qualcomm
Snapdragon X55 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X55 5g Modem Rf System Firmware →
Snapdragon X62 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X62 5g Modem Rf System Firmware →
Snapdragon X65 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →
Snapdragon Xr1 Platform Firmware by Qualcomm
Snapdragon Xr2 5g Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Xr2 5g Platform Firmware →
Snapdragon Xr2\+ Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Xr2\+ Gen 1 Platform Firmware →
Video Collaboration Vc1 Platform Firmware by Qualcomm
View all CVEs affecting Video Collaboration Vc1 Platform Firmware →
Video Collaboration Vc3 Platform Firmware by Qualcomm
View all CVEs affecting Video Collaboration Vc3 Platform Firmware →
Video Collaboration Vc5 Platform Firmware by Qualcomm
View all CVEs affecting Video Collaboration Vc5 Platform Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.
Likely Case
Local privilege escalation or denial of service causing device instability or crashes.
If Mitigated
Limited impact with proper memory protection mechanisms and exploit mitigations in place.
🎯 Exploit Status
Exploitation requires triggering specific session error conditions in firmware. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Qualcomm security bulletin for specific patched firmware versions
Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html
Restart Required: Yes
Instructions:
1. Check Qualcomm advisory for affected chipset versions. 2. Contact device manufacturer for firmware updates. 3. Apply firmware patches provided by OEM. 4. Reboot device after update.
🔧 Temporary Workarounds
Disable unnecessary firmware features
allReduce attack surface by disabling non-essential firmware services if possible
Implement memory protection
linuxEnable ASLR and other memory protection mechanisms at OS level
echo 2 > /proc/sys/kernel/randomize_va_space
🧯 If You Can't Patch
- Isolate affected devices from untrusted networks
- Implement strict application control to prevent malicious apps from accessing firmware interfaces
🔍 How to Verify
Check if Vulnerable:
Check device chipset version and firmware build date against Qualcomm advisoryCheck Version:
cat /proc/cpuinfo | grep -i qualcommVerify Fix Applied:
Verify firmware version has been updated to patched version from manufacturer📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Firmware crash dumps
- Unexpected session termination in firmware logs
Network Indicators:
- Unusual firmware communication patterns
- Attempts to trigger session errors
SIEM Query:
source="kernel" AND ("panic" OR "oops") AND "qualcomm"