Cyber Resilience

CVE-2024-45541

High

Published: 06 January 2025

Published
06 January 2025
Modified
11 August 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 36.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-45541 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Qualcomm Aqt1000 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 36.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-45541 is a memory corruption vulnerability classified under CWE-120 (Buffer Copy without Checking Size of Input), triggered when an IOCTL call is invoked from user-space to read board data. It affects Qualcomm components, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-01-06.

A local attacker with low privileges can exploit this issue with low attack complexity and no user interaction. Exploitation allows high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to full system compromise.

Qualcomm's January 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html provides details on affected products and recommended mitigations, including available patches.

EU & UK References

Vulnerability details

Memory corruption when IOCTL call is invoked from user-space to read board data.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local memory corruption via IOCTL buffer overflow directly enables kernel-level privilege escalation from low-privileged user space.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-45542Same product: Qualcomm Aqt1000
CVE-2025-47394Same product: Qualcomm Fastconnect 6200
CVE-2025-47388Same product: Qualcomm Fastconnect 6200
CVE-2024-45547Same product: Qualcomm Fastconnect 6900
CVE-2024-21464Same product: Qualcomm Fastconnect 6700
CVE-2026-21382Same product: Qualcomm Fastconnect 6900
CVE-2025-47389Same product: Qualcomm Fastconnect 6200
CVE-2024-43055Same product: Qualcomm Fastconnect 6900
CVE-2024-45560Same product: Qualcomm Aqt1000
CVE-2025-47399Same product: Qualcomm Fastconnect 7800

Affected Assets

qualcomm
aqt1000 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6800 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qca1062 firmware
all versions
qualcomm
qca1064 firmware
all versions
qualcomm
qca2062 firmware
all versions
qualcomm
qca2064 firmware
all versions
+41 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of input buffer sizes in IOCTL handlers from user-space to prevent buffer copy without size checking leading to memory corruption.

prevent

Implements memory protection mechanisms like stack guards and ASLR to mitigate exploitation of memory corruption vulnerabilities in kernel IOCTL processing.

prevent

Mandates timely flaw remediation through application of Qualcomm patches to eliminate the specific buffer overflow vulnerability.

References