Cyber Resilience

CVE-2024-38412

Medium

Published: 03 February 2025

Modified: 05 February 2025
KEV Added
Patch
CVSS Score v3.1: 6.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)
EPSS Score: 0.0008 (23.2th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-38412 is a medium-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 7800 Firmware. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 23.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-38412 is a memory corruption vulnerability classified under CWE-416 (Use After Free), occurring while invoking IOCTL calls from user-space to kernel-space to handle session errors. It affects Qualcomm components, as documented in their security advisories.

The vulnerability carries a CVSS v3.1 base score of 6.6 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L). A local attacker with low privileges can exploit it with low attack complexity and no user interaction required. Successful exploitation enables low-impact confidentiality and availability violations alongside high-impact integrity violations, potentially allowing data tampering or limited code execution in kernel space.

Qualcomm's February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, details affected products and recommends applying available patches for mitigation.

Vulnerability details

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.

CWE(s): CWE-416 (Use After Free)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel memory corruption (UAF via IOCTL) directly enables privilege escalation to kernel code execution/tampering.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-38413 (Same product: Qualcomm Fastconnect 7800)
CVE-2024-33059 (Same product: Qualcomm Fastconnect 7800)
CVE-2024-38411 (Same product: Qualcomm Fastconnect 7800)
CVE-2024-33055 (Same product: Qualcomm Fastconnect 7800)
CVE-2025-47358 (Same product: Qualcomm Fastconnect 7800)
CVE-2024-45580 (Same product: Qualcomm Fastconnect 7800)
CVE-2026-21380 (Same product: Qualcomm Fastconnect 7800)
CVE-2025-47359 (Same product: Qualcomm Fastconnect 7800)
CVE-2024-53023 (Same product: Qualcomm Fastconnect 7800)
CVE-2024-45553 (Same product: Qualcomm Fastconnect 7800)

Affected Assets

qualcomm fastconnect 7800 firmware (all versions)
qualcomm snapdragon 8 gen 3 mobile firmware (all versions)
qualcomm wcd9390 firmware (all versions)
qualcomm wcd9395 firmware (all versions)
qualcomm wsa8840 firmware (all versions)
qualcomm wsa8845 firmware (all versions)
qualcomm wsa8845h firmware (all versions)

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mitigates CVE-2024-38412 by requiring timely application of vendor patches to remediate the Use After Free vulnerability in the IOCTL handler.

Prevent: Kernel memory protections such as address space randomization and guard pages prevent exploitation of the Use After Free memory corruption during user-to-kernel IOCTL calls.

Prevent: Validates user-space inputs to IOCTL calls, reducing the risk of triggering the memory corruption in session error handling code.
