CVE-2024-38408 | Cryptographic Issues in BT Controller

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

Published: 2024-11-04 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2024-38408 is rated Low Risk (33.8/100): CVSS High severity, with low exploitation likelihood (EPSS 0.15%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2024-38408

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.60% 0.15% -0.45%
2 2026-03-26 0.44% 0.60% +0.16%
3 2026-01-27 0.44%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-38408

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.2 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 3.9 4.2 [email protected]
9.1 3.1 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
 3.9 5.2 [email protected]

Weakness enumeration for CVE-2024-38408

Affected software / configurations for CVE-2024-38408

Vendor Product Version Raw CPE
qualcomm wsa8845h_firmware cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
qualcomm wsa8845_firmware cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
qualcomm wsa8840_firmware cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
qualcomm wsa8835_firmware cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
qualcomm wsa8832_firmware cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*
qualcomm wsa8830_firmware cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
qualcomm wsa8815_firmware cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
qualcomm wsa8810_firmware cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
qualcomm wcn7881_firmware cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:*
qualcomm wcn7880_firmware cpe:2.3:o:qualcomm:wcn7880_firmware:-:*:*:*:*:*:*:*
qualcomm wcn7861_firmware cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*
qualcomm wcn7860_firmware cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*
qualcomm wcn6755_firmware cpe:2.3:o:qualcomm:wcn6755_firmware:-:*:*:*:*:*:*:*
qualcomm wcn6740_firmware cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*
qualcomm wcn3988_firmware cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
qualcomm wcn3980_firmware cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
qualcomm wcn3950_firmware cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9395_firmware cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9390_firmware cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9385_firmware cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9380_firmware cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9375_firmware cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9370_firmware cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9360_firmware cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9341_firmware cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*
qualcomm wcd9340_firmware cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
qualcomm sxr2250p_firmware cpe:2.3:o:qualcomm:sxr2250p_firmware:-:*:*:*:*:*:*:*
qualcomm sxr2230p_firmware cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*
qualcomm sxr2130_firmware cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
qualcomm sxr1230p_firmware cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*
qualcomm sw5100p_firmware cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*
qualcomm sw5100_firmware cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*
qualcomm ssg2125p_firmware cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*
qualcomm ssg2115p_firmware cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*
qualcomm srv1m_firmware cpe:2.3:o:qualcomm:srv1m_firmware:-:*:*:*:*:*:*:*
qualcomm srv1l_firmware cpe:2.3:o:qualcomm:srv1l_firmware:-:*:*:*:*:*:*:*
qualcomm srv1h_firmware cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_auto_4g_modem_firmware cpe:2.3:o:qualcomm:snapdragon_auto_4g_modem_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_xr2\+_gen_1_platform_firmware cpe:2.3:o:qualcomm:snapdragon_xr2\+_gen_1_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_xr2_5g_platform_firmware cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_x75_5g_modem-rf_system_firmware cpe:2.3:o:qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_x72_5g_modem-rf_system_firmware cpe:2.3:o:qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_x65_5g_modem-rf_system_firmware cpe:2.3:o:qualcomm:snapdragon_x65_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_x62_5g_modem-rf_system_firmware cpe:2.3:o:qualcomm:snapdragon_x62_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_x55_5g_modem-rf_system_firmware cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_x35_5g_modem-rf_system_firmware cpe:2.3:o:qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_w5\+_gen_1_wearable_platform_firmware cpe:2.3:o:qualcomm:snapdragon_w5\+_gen_1_wearable_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_auto_5g_modem-rf_gen_2_firmware cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_auto_5g_modem-rf_firmware cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_ar2_gen_1_platform_firmware cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)_firmware cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)_firmware cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"_firmware cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"_firmware cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)_firmware cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"_firmware cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"_firmware cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_888\+_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_888\+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_888_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_888_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_870_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_870_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_865\+_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_865\+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_865_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_855\+\/860_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_855\+\/860_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_855_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_855_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8\+_gen_2_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8\+_gen_1_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_8\+_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8_gen_3_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8_gen_2_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_8_gen_1_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_7c\+_gen_3_compute_firmware cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmware cpe:2.3:o:qualcomm:snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_7c_compute_platform_firmware cpe:2.3:o:qualcomm:snapdragon_7c_compute_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_782g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_782g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_780g_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_780g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_778g\+_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_778g\+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_778g_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_778g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_768g_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_768g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_765g_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_765g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_765_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_765_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*
qualcomm snapdragon_750g_5g_mobile_platform_firmware cpe:2.3:o:qualcomm:snapdragon_750g_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*

References for CVE-2024-38408

cvelogic Threat Intelligence