CVE-2024-43055
Published: 03 March 2025
Summary
CVE-2024-43055 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 12.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Implements memory safeguards such as address space layout randomization, stack canaries, and data execution prevention to directly mitigate memory corruption from malformed camera IOCTL calls.
Requires validation of IOCTL parameters for camera use cases to prevent buffer overflows and subsequent memory corruption by local low-privilege attackers.
Directly addresses the vulnerability by identifying, prioritizing, and applying Qualcomm patches for this specific memory corruption flaw in camera IOCTL processing.
NVD Description
Memory corruption while processing camera use case IOCTL call.
Deeper analysisAI
CVE-2024-43055 is a memory corruption vulnerability (CWE-120) triggered during the processing of camera use case IOCTL calls in Qualcomm components. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high potential impact with local access required.
A local attacker possessing low privileges can exploit this issue with low attack complexity and without requiring user interaction. Exploitation enables high confidentiality, integrity, and availability impacts, such as unauthorized data access, modification, or denial of service through memory corruption.
Qualcomm's March 2025 Security Bulletin provides details on affected products, patches, and mitigation guidance; see https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html for implementation steps.
Details
- CWE(s)