← Back
CVE-2020-24588
CVE-2020-24588
AI summary snake-internal / snake-template-v1
A weakness called CVE-2020-24588 was discovered in the affected product.
Severity is Info. Low severity or not yet rated.
What you should do: update the affected software to the latest version. If unsure, ask your IT team or search the vendor's site for "the product CVE-2020-24588".
CVE-2020-24588 (the affected product). Severity: Info.
Response plan:
1. Check the vendor advisory for affected versions and the patched release.
2. If a vulnerable version is running in production, schedule maintenance (urgency from KEV/CVSS).
3. If no patch yet, mitigate via WAF rule, disabling the affected feature, etc.
4. Monitor logs / SIEM for known IOC and PoC signatures of this CVE.
PoCs and fix commits: see the 'References' section, MITRE, and NVD.
❓ What is the problem
A weakness (CVE-2020-24588) in the affected product. A serious software flaw has been identified.
📍 Affected scope
Target versions of the affected product (see vendor advisory). If running in production, identify exposure immediately.
🔥 Severity
Severity: Info. Low severity or not yet rated.
🔧 How to fix
Update to the patched release as listed in the vendor advisory.
🛡️ Workaround
If a patch is not yet available, consider disabling the affected feature, applying WAF rules, blocking via network ACLs, or isolating the vulnerable version.
🔍 Detection
Check version information, scan dependencies via SBOM, and monitor SIEM for IOC and PoC signatures related to this CVE.
Affected packages
Android
:linux_kernel:Qualcomm
[{"type":"ECOSYSTEM","events":[{"introduced":"SoCVersion:0"},{"fixed":"SoCVersion:2021-10-05"}]}]
Android
oss/wigig-utils
[{"type":"ECOSYSTEM","events":[{"introduced":"SoCVersion:0"},{"fixed":"SoCVersion:2021-10-05"}]}]
Android
platform/vendor/qcom-opensource/wlan/prima
[{"type":"ECOSYSTEM","events":[{"introduced":"SoCVersion:0"},{"fixed":"SoCVersion:2021-10-05"}]}]
References
- advisory https://source.android.com/security/bulletin/2021-10-01
- patch https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/prima/commit/?id=92d43ef6f275d90c352cc73e6cc1eb1db9eda9c3
- patch https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=b2c81339a9c4041c03a9b3f023fbd50627d7b69a
- patch https://source.codeaurora.org/quic/qsdk/oss/wigig-utils/commit/?id=28ee8b8cd94976d19b27b1f7f62283ac190de47d
- patch https://source.codeaurora.org/quic/qsdk/oss/wigig-utils/commit/?id=47740835afcea2c564589dd708d69271f482cfb5
- patch https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=669896525ec2f1c0e0f7f644c65f4997cbc2398b
- patch https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=aed8f80bd041daa066d66e91ad34dc053227bf57