CVE-2024-21474: Qualcomm did not disclose technical details. Could this situation cause this problem? (6th May 2024)

Preface: The Qualcomm Snapdragon X65 5G Modem is the baseband chipset used in the iPad Pro (11-inch) (4th generation), iPad Pro (12.9-inch) (6th generation), iPhone 14, iPhone 14 Plus, iPhone 14 Pro and iPhone 14 Pro Max.

Background: A power management integrated circuit (PMIC) is used to manage power on an electronic devices or in modules on devices that may have a range of voltages. The PMIC manages battery power charging and sleep modes, DC-to-DC conversion, scaling of voltages down or up, among others.

Vulnerability details: Memory corruption when size of buffer from previous call is used without validation or re-initialization.

Vulnerability Type: CWE-121 Stack-based Buffer Overflow

Official announcement: Please refer to the link for details –

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html

https://nvd.nist.gov/vuln/detail/CVE-2024-21474

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.