CVE-2024-45571
Published: 03 February 2025
Summary
CVE-2024-45571 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Ar8035 Firmware. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 34.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Implements memory protection mechanisms that directly prevent exploitation of Use After Free memory corruption in the WLAN interface handler.
Mandates timely flaw remediation by applying the Qualcomm February 2025 patch specifically addressing this CVE.
Supports vulnerability scanning to identify and prioritize this Qualcomm WLAN memory corruption vulnerability for remediation.
NVD Description
Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.
Deeper analysisAI
CVE-2024-45571 is a memory corruption vulnerability, associated with CWE-416 (Use After Free), that may occur when stopping the WLAN interface after processing a WMI command from the interface. It affects Qualcomm components responsible for WLAN interface management.
The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a local attack vector with low complexity and requiring low privileges, with no user interaction needed and unchanged scope. A local attacker could exploit it to achieve high impacts on confidentiality, integrity, and availability, potentially leading to full system compromise.
Qualcomm has addressed the issue in their February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html.
Details
- CWE(s)