Cyber Posture

CVE-2024-53014

High

Published: 03 March 2025

Published
03 March 2025
Modified
11 August 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 35.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-53014 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Qualcomm Snapdragon Auto 5G Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 35.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of all information inputs, directly addressing the improper validation of array indices for ports and channels in the audio driver.

SI-16 Memory Protection good match
prevent

Implements memory protection mechanisms like address space randomization and non-executable memory to prevent exploitation of memory corruption vulnerabilities.

SI-2 Flaw Remediation good match
prevent

Mandates timely remediation of identified flaws, such as applying Qualcomm patches for this specific audio driver vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local memory corruption in kernel driver (array index validation flaw) directly enables privilege escalation from low-privileged context to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Memory corruption may occur while validating ports and channels in Audio driver.

Deeper analysisAI

CVE-2024-53014 is a memory corruption vulnerability that may occur while validating ports and channels in the Audio driver. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-129 (Improper Validation of Array Index). The issue was published on 2025-03-03.

A local attacker with low privileges can exploit the vulnerability through low-complexity means with no user interaction required. Exploitation leads to high impacts on confidentiality, integrity, and availability.

Qualcomm's March 2025 Security Bulletin provides details on mitigation, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html.

Details

CWE(s)
CWE-129

Affected Products

qualcomm
sm6370 firmware
all versions
qualcomm
sm6650 firmware
all versions
qualcomm
sm7250p firmware
all versions
qualcomm
sm7315 firmware
all versions
qualcomm
sm7325p firmware
all versions
qualcomm
sm7635 firmware
all versions
qualcomm
sm7675 firmware
all versions
qualcomm
sm7675p firmware
all versions
qualcomm
sm8550p firmware
all versions
qualcomm
sm8635 firmware
all versions
+241 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2024-49834Same product: Qualcomm Csra6620
CVE-2025-21424Same product: Qualcomm 215
CVE-2024-49833Same product: Qualcomm Fastconnect 6700
CVE-2024-49843Same product: Qualcomm Fastconnect 6200
CVE-2024-53024Same product: Qualcomm Ar8035
CVE-2024-49836Same product: Qualcomm Fastconnect 6900
CVE-2024-49837Same product: Qualcomm Qam8255P
CVE-2024-49832Same product: Qualcomm Fastconnect 6900
CVE-2025-47393Same product: Qualcomm Qam8255P
CVE-2024-45569Same product: Qualcomm Ar8035

References