Cyber Posture

CVE-2024-38411

Medium

Published: 03 February 2025

Published
03 February 2025
Modified
11 August 2025
KEV Added
Patch
CVSS Score 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.0008 23.7th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-38411 is a medium-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 6.6 (Medium).

Operationally, ranked at the 23.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates CVE-2024-38411 by requiring timely identification, reporting, and patching of the specific use-after-free flaw in kernel buffer registration via IOCTL.

SI-16 Memory Protection good match
prevent

Implements memory protection mechanisms such as ASLR and non-executable memory to comprehensively prevent exploitation of memory corruption vulnerabilities like this use-after-free in kernel space.

SI-10 Information Input Validation partial match
prevent

Requires validation of user-space buffer inputs during IOCTL calls to address malformed data that triggers the use-after-free memory corruption.

NVD Description

Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.

Deeper analysisAI

CVE-2024-38411 is a memory corruption vulnerability classified under CWE-416 (Use After Free), occurring during the registration of a buffer from user-space to kernel-space via IOCTL calls. It affects components in Qualcomm products, as documented in their February 2025 security bulletin. The vulnerability carries a CVSS v3.1 base score of 6.6 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L), indicating local access is required with high confidentiality impact potential.

A local attacker with low privileges can exploit this issue through crafted IOCTL calls, requiring low attack complexity and no user interaction. Exploitation triggers memory corruption, enabling unauthorized access to sensitive data (high confidentiality impact), limited integrity modifications, and minor availability disruptions, all within the unchanged security scope.

Qualcomm has addressed this vulnerability in their February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, which provides details on affected products and recommended mitigations or patches.

Details

CWE(s)
CWE-416

Affected Products

qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qcm8550 firmware
all versions
qualcomm
qcs6490 firmware
all versions
qualcomm
qcs8550 firmware
all versions
qualcomm
video collaboration vc3 platform firmware
all versions
qualcomm
sg8275p firmware
all versions
qualcomm
sm8550p firmware
all versions
qualcomm
snapdragon 8 gen 2 mobile firmware
all versions
qualcomm
snapdragon 8 gen 3 mobile firmware
all versions
+8 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2024-33059Same product: Qualcomm Fastconnect 6900
CVE-2024-33055Same product: Qualcomm Fastconnect 6900
CVE-2024-38412Same product: Qualcomm Fastconnect 7800
CVE-2025-47358Same product: Qualcomm Fastconnect 6900
CVE-2026-21380Same product: Qualcomm Fastconnect 6900
CVE-2024-45580Same product: Qualcomm Fastconnect 6900
CVE-2025-47359Same product: Qualcomm Fastconnect 6900
CVE-2024-43062Same product: Qualcomm Fastconnect 6900
CVE-2024-53023Same product: Qualcomm Fastconnect 6900
CVE-2024-43059Same product: Qualcomm Fastconnect 6900

References