CVE-2024-38412
Published: 03 February 2025
Summary
CVE-2024-38412 is a medium-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 7800 Firmware. Its CVSS base score is 6.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 23.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-38412 is a memory corruption vulnerability classified under CWE-416 (Use After Free), occurring while invoking IOCTL calls from user-space to kernel-space to handle session errors. It affects Qualcomm components, as documented in their security advisories.
The vulnerability carries a CVSS v3.1 base score of 6.6 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L). A local attacker with low privileges can exploit it with low attack complexity and no user interaction required. Successful exploitation enables low-impact confidentiality and availability violations alongside high-impact integrity violations, potentially allowing data tampering or limited code execution in kernel space.
Qualcomm's February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, details affected products and recommends applying available patches for mitigation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37108
Vulnerability details
Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel memory corruption (UAF via IOCTL) directly enables privilege escalation to kernel code execution/tampering.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2024-38412 by requiring timely application of vendor patches to remediate the Use After Free vulnerability in the IOCTL handler.
Kernel memory protections such as address space randomization and guard pages prevent exploitation of the Use After Free memory corruption during user-to-kernel IOCTL calls.
Validates user-space inputs to IOCTL calls, reducing the risk of triggering the memory corruption in session error handling code.