CVE-2024-45541
Published: 06 January 2025
Summary
CVE-2024-45541 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Qualcomm Aqt1000 Firmware. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of input buffer sizes in IOCTL handlers from user-space to prevent buffer copy without size checking leading to memory corruption.
Implements memory protection mechanisms like stack guards and ASLR to mitigate exploitation of memory corruption vulnerabilities in kernel IOCTL processing.
Mandates timely flaw remediation through application of Qualcomm patches to eliminate the specific buffer overflow vulnerability.
NVD Description
Memory corruption when IOCTL call is invoked from user-space to read board data.
Deeper analysisAI
CVE-2024-45541 is a memory corruption vulnerability classified under CWE-120 (Buffer Copy without Checking Size of Input), triggered when an IOCTL call is invoked from user-space to read board data. It affects Qualcomm components, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-01-06.
A local attacker with low privileges can exploit this issue with low attack complexity and no user interaction. Exploitation allows high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to full system compromise.
Qualcomm's January 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html provides details on affected products and recommended mitigations, including available patches.
Details
- CWE(s)