Cyber Posture

CVE-2024-45573

High

Published: 03 February 2025

Modified: 05 February 2025
KEV Added:
Patch:
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-45573 is a high-severity Use of Out-of-range Pointer Offset (CWE-823) vulnerability in Qualcomm Fastconnect 6700 Firmware. Its CVSS base score is 7.8 (High).

Operationally, it ranks at the 29.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: SI-10 enforces validation of display ID inputs to prevent negative indexing that triggers memory corruption during test pattern generation.

prevent: SI-16 implements memory protection mechanisms that directly mitigate out-of-bounds reads and buffer overflows exploited in this vulnerability.

prevent: SI-2 ensures timely remediation of the specific flaw through application of Qualcomm patches referenced in the February 2025 security bulletin.

NVD Description

Memory corruption may occur while generating test pattern due to negative indexing of display ID.

Deeper analysis

CVE-2024-45573 is a memory corruption vulnerability that may occur while generating test patterns due to negative indexing of a display ID. It is documented in Qualcomm's February 2025 security bulletin and is associated with CWE-823 (Use of Out-of-range Pointer Offset) and CWE-119 (Buffer Overflow). The vulnerability has a CVSS v3.1 base score of 7.8 (High), reflecting local access requirements (AV:L), low attack complexity (AC:L), low privileges needed (PR:L), no user interaction (UI:N), and unchanged scope (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

A local attacker with low privileges could exploit this vulnerability to trigger memory corruption during test pattern generation on affected systems. Successful exploitation could lead to arbitrary code execution, data disclosure, or system disruption, depending on the context of the display ID handling.

Qualcomm's February 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html provides details on the vulnerability and associated patches or mitigations for affected products. Security practitioners should consult the bulletin for specific remediation steps, such as applying vendor updates.

Details

CWE(s)

Affected Products

qualcomm fastconnect 6700 firmware: all versions
qualcomm fastconnect 6900 firmware: all versions
qualcomm fastconnect 7800 firmware: all versions
qualcomm qcm5430 firmware: all versions
qualcomm qcm6490 firmware: all versions
qualcomm qcs5430 firmware: all versions
qualcomm qcs6490 firmware: all versions
qualcomm video collaboration vc3 platform firmware: all versions
qualcomm sc8380xp firmware: all versions
qualcomm sdm429w firmware: all versions
+14 more product configuration(s); see NVD for full list

CVEs Like This One

CVE-2024-49840 (same product: Qualcomm Fastconnect 6900)
CVE-2024-43060 (same product: Qualcomm Fastconnect 6900)
CVE-2024-45560 (same product: Qualcomm Fastconnect 6700)
CVE-2024-53034 (same product: Qualcomm Fastconnect 6900)
CVE-2024-53033 (same product: Qualcomm Fastconnect 6900)
CVE-2025-47390 (same product: Qualcomm Fastconnect 6700)
CVE-2024-45561 (same product: Qualcomm Fastconnect 6700)
CVE-2025-47405 (same product: Qualcomm Fastconnect 6900)
CVE-2026-21375 (same product: Qualcomm Fastconnect 6700)
CVE-2025-47343 (same product: Qualcomm Fastconnect 6700)
