Cyber Posture

CVE-2024-45542

High

Published: 06 January 2025

Published
06 January 2025
Modified
11 August 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-45542 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Qualcomm Aqt1000 Firmware. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the specific memory corruption flaw in the Qualcomm WLAN driver by identifying, prioritizing, and applying vendor patches as described in the January 2025 security bulletin.

SI-16 Memory Protection good match
prevent

Implements memory safeguards like non-executable memory, stack canaries, and ASLR to protect against stack-based buffer overflows and out-of-bounds writes triggered by malicious IOCTL calls.

SI-10 Information Input Validation good match
prevent

Requires validation of IOCTL inputs from user-space to the WLAN driver to reject malformed board data that could cause memory corruption.

NVD Description

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

Deeper analysisAI

CVE-2024-45542 is a memory corruption vulnerability triggered when an IOCTL call is invoked from user-space to write board data to the WLAN driver. It is associated with CWE-121 (stack-based buffer overflow) and CWE-787 (out-of-bounds write) and affects Qualcomm WLAN drivers. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-06.

A local attacker with low privileges can exploit this issue by crafting and sending a malicious IOCTL call to the WLAN driver from user-space. Successful exploitation leads to memory corruption, enabling high-impact effects on confidentiality, integrity, and availability, such as potential arbitrary code execution or system denial of service.

Qualcomm's January 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html provides details on mitigation, including affected products and recommended patches.

Details

CWE(s)
CWE-121CWE-787

Affected Products

qualcomm
aqt1000 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6800 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qca1062 firmware
all versions
qualcomm
qca1064 firmware
all versions
qualcomm
qca2062 firmware
all versions
qualcomm
qca2064 firmware
all versions
+41 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2024-45541Same product: Qualcomm Aqt1000
CVE-2024-45560Same product: Qualcomm Aqt1000
CVE-2024-45561Same product: Qualcomm Aqt1000
CVE-2025-47359Same product: Qualcomm Aqt1000
CVE-2025-59603Same product: Qualcomm Fastconnect 6900
CVE-2026-21378Same product: Qualcomm Aqt1000
CVE-2025-47346Same product: Qualcomm Fastconnect 6200
CVE-2026-21371Same product: Qualcomm Aqt1000
CVE-2025-47391Same product: Qualcomm Fastconnect 6200
CVE-2026-21374Same product: Qualcomm Aqt1000

References