Cyber Resilience

CVE-2024-45542

High

Published: 06 January 2025

Published
06 January 2025
Modified
11 August 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 36.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-45542 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Qualcomm Aqt1000 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 36.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-45542 is a memory corruption vulnerability triggered when an IOCTL call is invoked from user-space to write board data to the WLAN driver. It is associated with CWE-121 (stack-based buffer overflow) and CWE-787 (out-of-bounds write) and affects Qualcomm WLAN drivers. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-06.

A local attacker with low privileges can exploit this issue by crafting and sending a malicious IOCTL call to the WLAN driver from user-space. Successful exploitation leads to memory corruption, enabling high-impact effects on confidentiality, integrity, and availability, such as potential arbitrary code execution or system denial of service.

Qualcomm's January 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html provides details on mitigation, including affected products and recommended patches.

EU & UK References

Vulnerability details

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local stack-based buffer overflow in WLAN driver via malicious IOCTL enables kernel-level arbitrary code execution from low-privileged user space, directly mapping to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-45541Same product: Qualcomm Aqt1000
CVE-2024-45560Same product: Qualcomm Aqt1000
CVE-2024-45561Same product: Qualcomm Aqt1000
CVE-2025-47359Same product: Qualcomm Aqt1000
CVE-2025-59603Same product: Qualcomm Fastconnect 6900
CVE-2026-21378Same product: Qualcomm Aqt1000
CVE-2025-47346Same product: Qualcomm Fastconnect 6200
CVE-2026-21371Same product: Qualcomm Aqt1000
CVE-2025-47391Same product: Qualcomm Fastconnect 6200
CVE-2026-21374Same product: Qualcomm Aqt1000

Affected Assets

qualcomm
aqt1000 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6800 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qca1062 firmware
all versions
qualcomm
qca1064 firmware
all versions
qualcomm
qca2062 firmware
all versions
qualcomm
qca2064 firmware
all versions
+41 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific memory corruption flaw in the Qualcomm WLAN driver by identifying, prioritizing, and applying vendor patches as described in the January 2025 security bulletin.

prevent

Implements memory safeguards like non-executable memory, stack canaries, and ASLR to protect against stack-based buffer overflows and out-of-bounds writes triggered by malicious IOCTL calls.

prevent

Requires validation of IOCTL inputs from user-space to the WLAN driver to reject malformed board data that could cause memory corruption.

References