Cyber Resilience

CVE-2024-45582

High

Published: 03 February 2025

Published
03 February 2025
Modified
05 February 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-45582 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-45582 is a memory corruption vulnerability that occurs while validating the number of devices in the Camera kernel. It is linked to CWE-129 (Improper Validation of Array Index) and affects Qualcomm components, as documented in their security resources.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it through low-complexity means without user interaction, potentially achieving high impacts on confidentiality, integrity, and availability, such as full system compromise via memory corruption.

Qualcomm's February 2025 security bulletin provides details on affected products and mitigation: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html.

EU & UK References

Vulnerability details

Memory corruption while validating number of devices in Camera kernel .

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel memory corruption (CWE-129) directly enables privilege escalation from low-privileged local context to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-49843Same product: Qualcomm Fastconnect 7800
CVE-2024-49833Same product: Qualcomm Fastconnect 6900
CVE-2024-49832Same product: Qualcomm Fastconnect 6900
CVE-2024-49836Same product: Qualcomm Fastconnect 6900
CVE-2024-49834Same product: Qualcomm Fastconnect 6900
CVE-2026-25276Same product: Qualcomm Fastconnect 6900
CVE-2024-45550Same product: Qualcomm Fastconnect 6900
CVE-2024-53014Same product: Qualcomm Fastconnect 6900
CVE-2024-49837Same vendor: Qualcomm
CVE-2025-47393Same vendor: Qualcomm

Affected Assets

qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qcm8550 firmware
all versions
qualcomm
qcs6490 firmware
all versions
qualcomm
video collaboration vc3 platform firmware
all versions
qualcomm
sm6650 firmware
all versions
qualcomm
sm7635 firmware
all versions
qualcomm
sm7675 firmware
all versions
qualcomm
sm7675p firmware
all versions
qualcomm
sm8550p firmware
all versions
+24 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation requires timely patching of the specific memory corruption vulnerability in the Camera kernel as detailed in Qualcomm's security bulletin.

prevent

Information input validation directly counters the improper validation of array indices (CWE-129) when processing the number of devices in the Camera kernel.

prevent

Memory protection mechanisms such as ASLR and non-executable memory mitigate exploitation of the memory corruption vulnerability even if input validation fails.

References