الثغرات ›

CVE-2026-24092

مرتفع

CWE-1286 — نوع الضعف

                    نُشر: Jun 1, 2026                      ·  آخر تحديث: Jun 8, 2026                      ·  المصدر: NVD                

CVSS v3

7.2

🔗 NVD الرسمي

📄 الوصف (الإنجليزية)

Memory Corruption when processing fastboot commands to set display mode.

🤖 ملخص AI

CVE-2026-24092 is a high-severity memory corruption vulnerability in Qualcomm firmware affecting multiple chipsets used in networking and IoT devices. The vulnerability exists in fastboot command processing for display mode configuration, potentially allowing local attackers to execute arbitrary code or cause denial of service. This impacts Saudi organizations relying on Qualcomm-based networking infrastructure, particularly in telecommunications and enterprise environments.

📄 الوصف (العربية)

🤖 التحليل الذكي آخر تحليل: Jun 6, 2026 18:16

🇸🇦 التأثير على المملكة العربية السعودية

Telecommunications sector (STC, Mobily, Zain) faces significant risk as these Qualcomm chipsets are commonly used in network infrastructure and 5G equipment. Banking and financial institutions using Qualcomm-based networking devices for secure communications are at moderate risk. Government agencies and critical infrastructure operators managing network equipment require immediate assessment. Healthcare sector utilizing networked medical devices with affected Qualcomm components may experience service disruptions. Energy sector (ARAMCO) infrastructure relying on IoT and networking equipment could be compromised.

🏢 القطاعات السعودية المتأثرة

Telecommunications Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Critical Infrastructure Enterprise IT

🎯 تقنيات MITRE ATT&CK

T1542 — Pre-OS Boot (Firmware modification) T1548 — Abuse Elevation Control Mechanism T1499 — Endpoint Denial of Service T1203 — Exploitation for Client Execution T1561 — Disk Wipe

⚖️ درجة المخاطر السعودية (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE ACTIONS:

   - Inventory all devices using affected Qualcomm chipsets (AR8031, AR8035, Cologne, CQ series, CSRA series, FastConnect 6200/6700)

   - Restrict physical access to devices with fastboot capabilities

   - Disable fastboot functionality where operationally feasible

   - Monitor for unauthorized fastboot command attempts



2. PATCHING GUIDANCE:

   - Contact Qualcomm for firmware updates addressing CVE-2026-24092

   - Prioritize patching in production network infrastructure

   - Test patches in non-production environments before deployment

   - Establish firmware update schedule for all affected devices



3. COMPENSATING CONTROLS:

   - Implement physical security controls restricting device access

   - Deploy network segmentation isolating affected devices

   - Enable secure boot and firmware verification mechanisms

   - Implement access controls for fastboot interfaces



4. DETECTION RULES:

   - Monitor system logs for fastboot command execution attempts

   - Alert on memory corruption errors or unexpected device reboots

   - Track firmware modification attempts

   - Monitor for display mode configuration changes via fastboot

🔧 خطوات المعالجة (العربية)

1. الإجراءات الفورية:

   - جرد جميع الأجهزة التي تستخدم رقاقات Qualcomm المتأثرة (AR8031, AR8035, Cologne, سلسلة CQ, سلسلة CSRA, FastConnect 6200/6700)

   - تقييد الوصول المادي للأجهزة ذات قدرات fastboot

   - تعطيل وظيفة fastboot حيث يكون ذلك ممكناً من الناحية التشغيلية

   - مراقبة محاولات أوامر fastboot غير المصرح بها



2. إرشادات التصحيح:

   - الاتصال بـ Qualcomm للحصول على تحديثات البرامج الثابتة التي تعالج CVE-2026-24092

   - إعطاء الأولوية لتصحيح البنية التحتية للشبكة الإنتاجية

   - اختبار التصحيحات في بيئات غير الإنتاج قبل النشر

   - إنشاء جدول تحديث البرامج الثابتة لجميع الأجهزة المتأثرة



3. الضوابط البديلة:

   - تنفيذ ضوابط الأمان المادي التي تقيد الوصول للأجهزة

   - نشر تقسيم الشبكة لعزل الأجهزة المتأثرة

   - تفعيل التحقق الآمن من الإقلاع والبرامج الثابتة

   - تنفيذ ضوابط الوصول لواجهات fastboot



4. قواعد الكشف:

   - مراقبة سجلات النظام لمحاولات تنفيذ أوامر fastboot

   - التنبيه على أخطاء فساد الذاكرة أو إعادة تشغيل الأجهزة غير المتوقعة

   - تتبع محاولات تعديل البرامج الثابتة

   - مراقبة التغييرات في تكوين وضع العرض عبر fastboot

📋 خريطة الامتثال التنظيمي

🟢 NCA ECC 2024

ECC 2024 - 5.1.1 (Asset Management and Inventory) ECC 2024 - 5.2.1 (Vulnerability Management) ECC 2024 - 5.3.1 (Patch Management) ECC 2024 - 6.1.1 (Access Control and Authentication)

🔵 SAMA CSF

SAMA CSF - ID.AM-1 (Asset Management) SAMA CSF - ID.RA-1 (Risk Assessment) SAMA CSF - PR.IP-12 (System and Information Integrity) SAMA CSF - DE.CM-8 (Vulnerability Scans)

🟡 ISO 27001:2022

ISO 27001:2022 - A.5.9 (Access Control) ISO 27001:2022 - A.8.1 (User Endpoint Devices) ISO 27001:2022 - A.8.2 (Privileged Access Rights) ISO 27001:2022 - A.14.2 (System Development and Change Management)

🟣 PCI DSS v4.0.1

PCI DSS 4.0 - 2.4 (Configure System Security Parameters) PCI DSS 4.0 - 6.2 (Ensure Security Patches Installed) PCI DSS 4.0 - 6.3.1 (Vulnerability Management Program)

🔗 المراجع والمصادر 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

product-security@qualcomm.com

Patch Vendor Advisory

📦 المنتجات المتأثرة 50 منتج

qualcomm:ar8031_firmware:-

qualcomm:ar8035_firmware:-

qualcomm:cologne_firmware:-

qualcomm:cq7790_firmware:-

qualcomm:cq8725s_firmware:-

qualcomm:cq8750m_firmware:-

qualcomm:csra6620_firmware:-

qualcomm:csra6640_firmware:-

qualcomm:fastconnect_6200_firmware:-

qualcomm:fastconnect_6700_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:flight_rb5_5g_platform_firmware:-

qualcomm:fwa_gen_3_ultra_firmware:-

qualcomm:fwa_gen_5_elite_firmware:-

qualcomm:g1_gen_1_firmware:-

qualcomm:g2_gen_1_firmware:-

qualcomm:g3x_gen_2_firmware:-

qualcomm:iq-9075_firmware:-

qualcomm:kalpeni_firmware:-

qualcomm:kobuk_firmware:-

qualcomm:lemans_au_lgit_firmware:-

qualcomm:lemansau_firmware:-

qualcomm:milos_firmware:-

qualcomm:milos_iot_firmware:-

qualcomm:molokai_firmware:-

qualcomm:netrani_firmware:-

qualcomm:orne_firmware:-

qualcomm:palawan25_firmware:-

qualcomm:pandeiro_firmware:-

qualcomm:qam8255p_firmware:-

qualcomm:qam8295p_firmware:-

qualcomm:qam8397p_firmware:-

qualcomm:qam8797p_firmware:-

qualcomm:qamsrv1h_firmware:-

qualcomm:qamsrv1m_firmware:-

qualcomm:qca2066_firmware:-

qualcomm:qca6174a_firmware:-

qualcomm:qca6391_firmware:-

qualcomm:qca6564au_firmware:-

qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-

qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-

qualcomm:snapdragon_ar1_gen_1_platform_firmware:-

qualcomm:snapdragon_ar1\+_gen_1_platform_firmware:-

qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-

qualcomm:snapdragon_w5\+_gen_1_wearable_platform_firmware:-

qualcomm:snapdragon_x32_5g_modem-rf_system_firmware:-

qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-

qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-

qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-

📊 CVSS Score

7.2

/ 10.0 — مرتفع

📊 CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack VectorP — Physical

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 حقائق سريعة

الخطورة مرتفع

CVSS Score7.2

CWECWE-1286

EPSS0.02%

اختراق متاح لا

تصحيح متاح ✓ نعم

تاريخ النشر 2026-06-01

المصدر nvd

المشاهدات 1

🇸🇦 درجة المخاطر السعودية

7.8

/ 10.0 — مخاطر السعودية

أولوية: HIGH

🏷️ الوسوم

patch-available CWE-1286

🏢 توجيهات البائع

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ إجراءات

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 التعليقات

جارٍ التحميل

CVE-2026-24092

💬 التعليقات

عرّفنا بنفسك

تسجيل الدخول مطلوب