The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2024-23350

CVE-2024-23350: Qualcomm Wsa8845h Firmware DOS Flaw

CVE-2024-23350 is a denial of service vulnerability in Qualcomm Wsa8845h Firmware caused by DL NAS transport processing errors. This article covers the technical details, affected versions, security impact, and mitigation.

Updated: January 22, 2026

CVE-2024-23350 Overview

CVE-2024-23350 is a Denial of Service vulnerability affecting multiple Qualcomm chipsets and firmware components. The vulnerability occurs when the Downlink (DL) Non-Access Stratum (NAS) transport layer receives multiple payloads in a specific combination: one payload containing a Steering of Roaming (SOR) container with a failed integrity check, and another payload containing Location Positioning Protocol (LPP) data requiring the User Equipment (UE) to send a status message back to the network. This condition can cause a permanent denial of service on affected devices.

Critical Impact

This vulnerability enables a permanent denial of service condition on affected Qualcomm-based devices, potentially rendering mobile devices and automotive systems inoperable until physical intervention or device reset is performed.

Affected Products

  • Qualcomm Snapdragon X75 5G Modem-RF System
  • Qualcomm Snapdragon X72 5G Modem-RF System
  • Qualcomm Snapdragon X35 5G Modem-RF System
  • Qualcomm Snapdragon Auto 5G Modem-RF Gen 2
  • Qualcomm Snapdragon 8 Gen 3 Mobile Platform
  • Qualcomm FastConnect 7800 and 6900
  • Qualcomm WSA8845H, WSA8845, WSA8840 (Smart Amplifiers)
  • Qualcomm WCD9395, WCD9390, WCD9340 (Audio Codecs)
  • Qualcomm QCA6698AQ, QCA6584AU, QCA6174A (Wireless Connectivity)

Discovery Timeline

  • August 5, 2024 - CVE-2024-23350 published to NVD
  • November 26, 2024 - Last updated in NVD database

Technical Details for CVE-2024-23350

Vulnerability Analysis

This vulnerability exists in the NAS transport layer processing logic within Qualcomm 5G modem firmware. The flaw is classified under CWE-617 (Reachable Assertion), indicating that the modem firmware encounters an assertion failure condition when processing the specific combination of malformed payloads. When a DL NAS transport message contains both a SOR container with integrity check failure and an LPP payload requiring UE response, the firmware fails to properly handle this edge case, resulting in a permanent device crash.

The attack requires adjacent network access, meaning an attacker must be within radio range of the victim device or have control over a base station or rogue cell tower. No privileges or user interaction are required to trigger the vulnerability, making it particularly dangerous in scenarios involving malicious cellular infrastructure.

Root Cause

The root cause is improper handling of concurrent NAS transport payloads with conflicting integrity states. When the SOR container integrity check fails, the firmware should gracefully reject the message. However, when combined with an LPP payload that triggers an outbound status message, the firmware enters an inconsistent state. The assertion failure (CWE-617) indicates that the code encounters a condition that developers assumed would never occur, causing the system to terminate unexpectedly rather than recovering gracefully.

Attack Vector

The attack is conducted via adjacent network access, typically through:

  1. Rogue Base Station Attack: An attacker sets up a malicious cellular base station (femtocell or SDR-based) within proximity to the target device
  2. Crafted NAS Message Delivery: The attacker transmits a specially crafted DL NAS transport message containing the malicious payload combination
  3. Payload Composition: The message includes a SOR container designed to fail integrity verification alongside an LPP payload that would normally require a UE response
  4. Device Crash: The affected modem firmware crashes permanently, requiring device restart or potentially physical intervention

The vulnerability affects the modem subsystem independently of the application processor, meaning the denial of service impacts all cellular connectivity functions.

Detection Methods for CVE-2024-23350

Indicators of Compromise

  • Unexpected modem crashes or device freezes when connected to cellular networks
  • Repeated modem subsystem restarts in device logs without apparent cause
  • Loss of cellular connectivity in specific geographic areas (indicating possible rogue cell activity)
  • Crash dumps or kernel logs showing modem assertion failures related to NAS processing

Detection Strategies

  • Monitor device telemetry for modem subsystem crashes and assertion failures
  • Implement cellular network anomaly detection to identify rogue base stations
  • Deploy Mobile Threat Defense (MTD) solutions capable of detecting suspicious cellular behavior
  • Analyze baseband logs for NAS transport processing errors or unexpected message sequences

Monitoring Recommendations

  • Enable enhanced logging for modem subsystem events on managed devices
  • Implement fleet-wide monitoring for coordinated modem crash patterns that may indicate active exploitation
  • Correlate device crash reports with geographic locations to identify potential malicious cell sites
  • Establish baseline modem stability metrics to detect anomalous crash rates

How to Mitigate CVE-2024-23350

Immediate Actions Required

  • Apply firmware updates from Qualcomm and device OEMs as they become available
  • Review the Qualcomm Security Bulletin August 2024 for specific patch information
  • Inventory all devices using affected Qualcomm chipsets in your environment
  • Prioritize updates for devices in high-risk environments such as automotive and enterprise deployments

Patch Information

Qualcomm has addressed this vulnerability in their August 2024 Security Bulletin. Device manufacturers (OEMs) are responsible for integrating and distributing firmware updates to end users. Organizations should contact their device vendors for specific patch availability timelines. The patch addresses the assertion failure condition by implementing proper error handling when processing concurrent NAS payloads with conflicting integrity states.

For detailed patch information and affected chipset specifics, refer to the Qualcomm Security Bulletin August 2024.

Workarounds

  • Where feasible, limit device exposure to untrusted cellular networks until patches are applied
  • Enable Wi-Fi calling as an alternative connectivity method in controlled environments
  • For automotive and IoT deployments, consider network segmentation to limit impact of modem crashes
  • Monitor for OEM-specific guidance as some manufacturers may provide interim mitigations

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechQualcomm
  • SeverityMEDIUM
  • CVSS Score6.5
  • EPSS Probability0.10%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-617
  • Vendor Resources
  • Qualcomm Security Bulletin August 2024
  • Related CVEs
  • CVE-2025-47384: Qualcomm 5G FWA Platform DOS Vulnerability
  • CVE-2025-47371: Qualcomm 5G FWA Platform DOS Vulnerability
  • CVE-2025-47378: Qualcomm Cologne Information Disclosure
  • CVE-2025-47379: Qualcomm Sa8295p Race Condition Flaw
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English