Cyber Resilience

CVE-2024-53023

High

Published: 03 March 2025

Published
03 March 2025
Modified
11 August 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-53023 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Ar8035 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-53023 is a memory corruption vulnerability stemming from a use-after-free error (CWE-416) that can occur while accessing a variable during extended back-to-back tests. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects components in Qualcomm products, as documented in their security advisories.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation enables high-impact disruption to confidentiality, integrity, and availability through memory corruption, potentially allowing arbitrary code execution or system compromise within the affected scope.

Qualcomm's March 2025 security bulletin provides details on the vulnerability, including affected products and recommended patches or mitigations, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html.

EU & UK References

Vulnerability details

Memory corruption may occur while accessing a variable during extended back to back tests.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free memory corruption in Qualcomm components directly enables arbitrary code execution from low privileges, mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-45553Same product: Qualcomm Ar8035
CVE-2025-47377Same product: Qualcomm Ar8035
CVE-2026-24082Same product: Qualcomm Ar8035
CVE-2025-21424Same product: Qualcomm Ar8035
CVE-2025-47386Same product: Qualcomm Ar8035
CVE-2025-47376Same product: Qualcomm Ar8035
CVE-2025-47375Same product: Qualcomm Ar8035
CVE-2025-47379Same product: Qualcomm Ar8035
CVE-2025-47398Same product: Qualcomm Fastconnect 6900
CVE-2025-47339Same product: Qualcomm Ar8035

Affected Assets

qualcomm
ar8035 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qam8255p firmware
all versions
qualcomm
qam8295p firmware
all versions
qualcomm
qam8620p firmware
all versions
qualcomm
qam8650p firmware
all versions
qualcomm
qam8775p firmware
all versions
qualcomm
qamsrv1h firmware
all versions
qualcomm
qamsrv1m firmware
all versions
+93 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the use-after-free memory corruption vulnerability by identifying, prioritizing, and applying patches from Qualcomm's security bulletin.

prevent

Implements memory safeguards like ASLR, DEP, and canaries to protect against exploitation of the use-after-free error during variable access.

prevent

Ensures receipt, dissemination, and implementation of vendor security advisories such as Qualcomm's March 2025 bulletin documenting this CVE and its patches.

References