CVE-2024-45573
Published: 03 February 2025
Summary
CVE-2024-45573 is a high-severity Use of Out-of-range Pointer Offset (CWE-823) vulnerability in Qualcomm Fastconnect 6700 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 29.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-45573 is a memory corruption vulnerability that may occur while generating test patterns due to negative indexing of a display ID. It is documented in Qualcomm's February 2025 security bulletin and is associated with CWE-823 (Use of Out-of-range Pointer Offset) and CWE-119 (Buffer Overflow). The vulnerability has a CVSS v3.1 base score of 7.8 (High), reflecting local access requirements (AV:L), low attack complexity (AC:L), low privileges needed (PR:L), no user interaction (UI:N), and unchanged scope (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
A local attacker with low privileges could exploit this vulnerability to trigger memory corruption during test pattern generation on affected systems. Successful exploitation could lead to arbitrary code execution, data disclosure, or system disruption, depending on the context of the display ID handling.
Qualcomm's February 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html provides details on the vulnerability and associated patches or mitigations for affected products. Security practitioners should consult the bulletin for specific remediation steps, such as applying vendor updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41758
Vulnerability details
Memory corruption may occur while generating test pattern due to negative indexing of display ID.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Local memory corruption (buffer overflow/out-of-bounds read) with low privileges directly enables exploitation for privilege escalation to achieve arbitrary code execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-10 enforces validation of display ID inputs to prevent negative indexing that triggers memory corruption during test pattern generation.
SI-16 implements memory protection mechanisms that directly mitigate out-of-bounds reads and buffer overflows exploited in this vulnerability.
SI-2 ensures timely remediation of the specific flaw through application of Qualcomm patches referenced in the February 2025 security bulletin.
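The SI-10 control above amounts to rejecting a negative display ID before it is ever used as an index. The C sketch below is an added illustration of that bug class (CWE-823), not Qualcomm's code: the table size, structure layout and every function name are hypothetical. It contrasts an upper-bound-only check with a full range check and computes, without dereferencing, the offset a negative ID would resolve to.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DISPLAYS 4      /* assumed table size (hypothetical) */
#define PATTERN_LEN  16     /* assumed pattern buffer size (hypothetical) */

struct display_ctx { uint8_t pattern[PATTERN_LEN]; };
static struct display_ctx displays[MAX_DISPLAYS];

/* Flawed validation: only the upper bound is tested, so a negative
 * signed ID is accepted and would index before the start of the table. */
static int id_ok_flawed(int32_t display_id) {
    return display_id < MAX_DISPLAYS;
}

/* Hardened validation: reject negatives and out-of-range values first. */
static int id_ok_hardened(int32_t display_id) {
    return display_id >= 0 && display_id < MAX_DISPLAYS;
}

/* Byte offset that displays[display_id] would resolve to, computed in
 * 64-bit arithmetic so it can be inspected without touching memory. */
static int64_t table_offset(int32_t display_id) {
    return (int64_t)display_id * (int64_t)sizeof(struct display_ctx);
}

/* Writes a test pattern for one display. Returns 0 on success,
 * -1 when the ID is rejected (nothing is written in that case). */
static int generate_test_pattern(int32_t display_id, uint8_t seed) {
    if (!id_ok_hardened(display_id))
        return -1;
    struct display_ctx *ctx = &displays[(size_t)display_id];
    for (size_t i = 0; i < PATTERN_LEN; i++)
        ctx->pattern[i] = (uint8_t)(seed + i);
    return 0;
}

int main(void) {
    int32_t samples[] = { 0, 3, 4, -1 };   /* constructed sample IDs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("id=%d flawed_ok=%d hardened_ok=%d offset=%lld rc=%d\n",
               (int)samples[i], id_ok_flawed(samples[i]),
               id_ok_hardened(samples[i]),
               (long long)table_offset(samples[i]),
               generate_test_pattern(samples[i], 7));
    return 0;
}
```
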