CVE-2024-21472
High
Published: 01 April 2024
Modified: 13 January 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (19.1th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2024-21472 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 8.4 (High).
Operationally, it is ranked at the 19.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19181
Vulnerability details
Memory corruption in Kernel while handling GPU operations.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- qualcomm, fastconnect 6900 firmware, all versions
- qualcomm, fastconnect 7800 firmware, all versions
- qualcomm, qam8255p firmware, all versions
- qualcomm, qam8295p firmware, all versions
- qualcomm, qam8650p firmware, all versions
- qualcomm, qam8775p firmware, all versions
- qualcomm, qca6574 firmware, all versions
- qualcomm, qca6574a firmware, all versions
- qualcomm, qca6574au firmware, all versions
- qualcomm, qca6584au firmware, all versions
+29 more product configuration(s) — see NVD for full list
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
addresses: CWE-416
Use-after-free exploits that achieve arbitrary code execution are blocked or made significantly harder by non-executable pages and ASLR.