CVE-2024-38411
Published: 03 February 2025
Summary
CVE-2024-38411 is a medium-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 6.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 24.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-38411 is a memory corruption vulnerability classified under CWE-416 (Use After Free), occurring during the registration of a buffer from user-space to kernel-space via IOCTL calls. It affects components in Qualcomm products, as documented in their February 2025 security bulletin. The vulnerability carries a CVSS v3.1 base score of 6.6 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L), indicating local access is required with high confidentiality impact potential.
A local attacker with low privileges can exploit this issue through crafted IOCTL calls, requiring low attack complexity and no user interaction. Exploitation triggers memory corruption, enabling unauthorized access to sensitive data (high confidentiality impact), limited integrity modifications, and minor availability disruptions, all within the unchanged security scope.
Qualcomm has addressed this vulnerability in their February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, which provides details on affected products and recommended mitigations or patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37107
Vulnerability details
Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel memory corruption (UAF via IOCTL) directly enables exploitation for privilege escalation from low-privileged user space.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2024-38411 by requiring timely identification, reporting, and patching of the specific use-after-free flaw in kernel buffer registration via IOCTL.
Implements memory protection mechanisms such as ASLR and non-executable memory to comprehensively prevent exploitation of memory corruption vulnerabilities like this use-after-free in kernel space.
Requires validation of user-space buffer inputs during IOCTL calls to address malformed data that triggers the use-after-free memory corruption.