CVE-2024-43055
Published: 03 March 2025
Summary
CVE-2024-43055 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-43055 is a memory corruption vulnerability (CWE-120) triggered during the processing of camera use case IOCTL calls in Qualcomm components. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high potential impact with local access required.
A local attacker possessing low privileges can exploit this issue with low attack complexity and without requiring user interaction. Exploitation enables high confidentiality, integrity, and availability impacts, such as unauthorized data access, modification, or denial of service through memory corruption.
Qualcomm's March 2025 Security Bulletin provides details on affected products, patches, and mitigation guidance; see https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html for implementation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5800
Vulnerability details
Memory corruption while processing camera use case IOCTL call.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local memory corruption in Qualcomm driver IOCTL handling directly enables exploitation for privilege escalation from low-privileged local context to full system impact.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Implements memory safeguards such as address space layout randomization, stack canaries, and data execution prevention to directly mitigate memory corruption from malformed camera IOCTL calls.
Requires validation of IOCTL parameters for camera use cases to prevent buffer overflows and subsequent memory corruption by local low-privilege attackers.
Directly addresses the vulnerability by identifying, prioritizing, and applying Qualcomm patches for this specific memory corruption flaw in camera IOCTL processing.