CVE-2024-23377

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Compute up to WSA8845H EVA driver (affected versions not specified)

Description The issue is related to memory corruption that occurs when a user invokes an IOCTL command from user-space and modifies the original packet size of the command after system properties have been sent to the EVA driver. This can lead to potential local attacks.

Recommendations For Qualcomm Snapdragon Compute up to WSA8845H, upgrade affected components immediately. For the EVA driver, at the moment, there is no information about a newer version that contains a fix for this vulnerability.