CVE-2024-21482

Name: CVE-2024-21482
Creator: NVD / NIST
Published: 2024-07-01T15:15:15.497+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.11%

Last modified Jun 17, 2026

CVE-2024-21482 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.. EPSS estimates a 0.11% chance of exploitation in the next 30 days.

Description

Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.11%

1.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Qualcomm	Csr8811 Firmware	All versions
Qualcomm	Immersive Home 214 Platform Firmware	All versions
Qualcomm	Immersive Home 216 Platform Firmware	All versions
Qualcomm	Immersive Home 316 Platform Firmware	All versions
Qualcomm	Immersive Home 318 Platform Firmware	All versions
Qualcomm	Immersive Home 3210 Platform Firmware	All versions
Qualcomm	Immersive Home 326 Platform Firmware	All versions
Qualcomm	Ipq5010 Firmware	All versions
Qualcomm	Ipq5028 Firmware	All versions
Qualcomm	Ipq5302 Firmware	All versions
Qualcomm	Ipq5312 Firmware	All versions
Qualcomm	Ipq5332 Firmware	All versions
Qualcomm	Ipq6000 Firmware	All versions
Qualcomm	Ipq6010 Firmware	All versions
Qualcomm	Ipq6018 Firmware	All versions
Qualcomm	Ipq6028 Firmware	All versions
Qualcomm	Ipq8070a Firmware	All versions
Qualcomm	Ipq8071a Firmware	All versions
Qualcomm	Ipq8072a Firmware	All versions
Qualcomm	Ipq8074a Firmware	All versions
Qualcomm	Ipq8076 Firmware	All versions
Qualcomm	Ipq8076a Firmware	All versions
Qualcomm	Ipq8078 Firmware	All versions
Qualcomm	Ipq8078a Firmware	All versions
Qualcomm	Ipq8173 Firmware	All versions
Qualcomm	Ipq8174 Firmware	All versions
Qualcomm	Ipq9008 Firmware	All versions
Qualcomm	Ipq9554 Firmware	All versions
Qualcomm	Ipq9570 Firmware	All versions
Qualcomm	Ipq9574 Firmware	All versions
Qualcomm	Qca4024 Firmware	All versions
Qualcomm	Qca8075 Firmware	All versions
Qualcomm	Qca8081 Firmware	All versions
Qualcomm	Qca8082 Firmware	All versions
Qualcomm	Qca8084 Firmware	All versions
Qualcomm	Qca8085 Firmware	All versions
Qualcomm	Qca8386 Firmware	All versions
Qualcomm	Qca9888 Firmware	All versions
Qualcomm	Qca9889 Firmware	All versions
Qualcomm	Qcf8000 Firmware	All versions
Qualcomm	Qcf8001 Firmware	All versions
Qualcomm	Qcn5022 Firmware	All versions
Qualcomm	Qcn5024 Firmware	All versions
Qualcomm	Qcn5052 Firmware	All versions
Qualcomm	Qcn5122 Firmware	All versions
Qualcomm	Qcn5124 Firmware	All versions
Qualcomm	Qcn5152 Firmware	All versions
Qualcomm	Qcn5154 Firmware	All versions
Qualcomm	Qcn5164 Firmware	All versions
Qualcomm	Qcn6023 Firmware	All versions

Showing 50 of 69 affected configurations. See NVD for the full list.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.htmlPatch, Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.htmlPatch, Vendor Advisory

Timeline

Published: Jul 1, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-21482?

Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image.

How severe is CVE-2024-21482?

CVE-2024-21482 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.11% probability of exploitation in the next 30 days.

How do I fix CVE-2024-21482?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-21482?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST