CVE-2024-45582
Published: 03 February 2025
Summary
CVE-2024-45582 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-45582 is a memory corruption vulnerability that occurs while validating the number of devices in the Camera kernel. It is linked to CWE-129 (Improper Validation of Array Index) and affects Qualcomm components, as documented in their security resources.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it through low-complexity means without user interaction, potentially achieving high impacts on confidentiality, integrity, and availability, such as full system compromise via memory corruption.
Qualcomm's February 2025 security bulletin provides details on affected products and mitigation: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41759
Vulnerability details
Memory corruption while validating number of devices in Camera kernel .
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel memory corruption (CWE-129) directly enables privilege escalation from low-privileged local context to full system compromise.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation requires timely patching of the specific memory corruption vulnerability in the Camera kernel as detailed in Qualcomm's security bulletin.
Information input validation directly counters the improper validation of array indices (CWE-129) when processing the number of devices in the Camera kernel.
Memory protection mechanisms such as ASLR and non-executable memory mitigate exploitation of the memory corruption vulnerability even if input validation fails.