Memory corruption while redirecting log file to any file location with any file name.
The vulnerability results from insufficient input validation (CWE-20) and out-of-bounds write (CWE-787). During the log file redirection operation to a path and filename specified by the attacker, improperly handled data leads to corruption of the process memory areas. Due to the network attack vector (AV:N) and lack of requirements for user privileges and interaction, the exploit can be conducted remotely without any authorization.
An attacker can gain full control over the vulnerable device, including the ability to read and modify data and disrupt its operation. In the worst-case scenario, remote code execution (RCE) is possible with the privileges level of the process handling the logs.
Apply patches available from the manufacturer in accordance with the Qualcomm security bulletin from April 2024: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html
Firmware of chipsets: Qualcomm AR8035, AR9380, CSR8811 and other products listed in the Qualcomm security bulletin from April 2024 — the complete list is available in the manufacturer's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQualcomm Ar8035
HWQualcommwszystkie wersjeQualcomm Ar8035 Firmware
OSQualcommwszystkie wersjeQualcomm Ar9380
HWQualcommwszystkie wersjeQualcomm Ar9380 Firmware
OSQualcommwszystkie wersjeQualcomm Csr8811
HWQualcommwszystkie wersjeQualcomm Csr8811 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 6900
HWQualcommwszystkie wersjeQualcomm Fastconnect 6900 Firmware
OSQualcommwszystkie wersjeQualcomm Fastconnect 7800
HWQualcommwszystkie wersjeQualcomm Fastconnect 7800 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 214
HWQualcommwszystkie wersjeQualcomm Immersive Home 214 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 216
HWQualcommwszystkie wersjeQualcomm Immersive Home 216 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 316
HWQualcommwszystkie wersjeQualcomm Immersive Home 316 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 318
HWQualcommwszystkie wersjeQualcomm Immersive Home 318 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 3210
HWQualcommwszystkie wersjeQualcomm Immersive Home 3210 Firmware
OSQualcommwszystkie wersjeQualcomm Immersive Home 326
HWQualcommwszystkie wersjeQualcomm Immersive Home 326 Firmware
OSQualcommwszystkie wersjeQualcomm Ipq4018
HWQualcommwszystkie wersjeQualcomm Ipq4018 Firmware
OSQualcommwszystkie wersjeQualcomm Ipq4019
HWQualcommwszystkie wersjeQualcomm Ipq4019 Firmware
OSQualcommwszystkie wersjeQualcomm Ipq4028
HWQualcommwszystkie wersjeQualcomm Ipq4028 Firmware
OSQualcommwszystkie wersjeQualcomm Ipq4029
HWQualcommwszystkie wersjeQualcomm Ipq4029 Firmware
OSQualcommwszystkie wersje
Related vulnerabilities
Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR
Memory corruption w Qualcomm podczas składania pakietów RTP (NALUs)
Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania
Qualcomm: Uszkodzenie pamięci przy parsowaniu ML IE w firmware
Qualcomm Snapdragon – memory corruption przy przekierowaniu pliku logów