Cyber Posture

CVE-2024-53030

High

Published: 03 March 2025

Published
03 March 2025
Modified
07 March 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-53030 is a high-severity Improper Input Validation (CWE-20) vulnerability in Qualcomm Msm8996Au Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the improper input validation (CWE-20) that leads to memory corruption when processing FE driver input messages.

SI-16 Memory Protection good match
prevent

Implements memory protections to minimize the impact of out-of-bounds writes (CWE-787) exploited via corrupted input processing.

SI-2 Flaw Remediation good match
prevent

Ensures timely identification, reporting, and correction of the specific memory corruption flaw in Qualcomm components.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local memory corruption (out-of-bounds write) in Qualcomm driver component directly enables local privilege escalation from low-privileged context to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Memory corruption while processing input message passed from FE driver.

Deeper analysisAI

CVE-2024-53030 is a memory corruption vulnerability that occurs while processing an input message passed from the FE driver. It is associated with CWE-20 (Improper Input Validation) and CWE-787 (Out-of-bounds Write), carrying a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability affects components in Qualcomm products, as detailed in the vendor's security bulletin.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability through memory corruption.

Qualcomm's March 2025 security bulletin provides details on affected products, patches, and mitigation recommendations, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html. Security practitioners should consult this advisory for specific remediation steps.

Details

CWE(s)
CWE-20CWE-787

Affected Products

qualcomm
msm8996au firmware
all versions
qualcomm
qam8255p firmware
all versions
qualcomm
qam8295p firmware
all versions
qualcomm
qam8620p firmware
all versions
qualcomm
qam8650p firmware
all versions
qualcomm
qam8775p firmware
all versions
qualcomm
qamsrv1h firmware
all versions
qualcomm
qamsrv1m firmware
all versions
qualcomm
qca6564a firmware
all versions
qualcomm
qca6564au firmware
all versions
+34 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2024-53012Same product: Qualcomm Qam8255P
CVE-2024-53031Same product: Qualcomm Qam8255P
CVE-2024-53022Same product: Qualcomm Qam8255P
CVE-2024-53029Same product: Qualcomm Qam8255P
CVE-2024-53028Same product: Qualcomm Qam8255P
CVE-2025-47363Same product: Qualcomm Qam8255P
CVE-2024-45555Same product: Qualcomm Msm8996Au
CVE-2024-49837Same product: Qualcomm Qam8255P
CVE-2024-53032Same product: Qualcomm Qam8255P
CVE-2025-47346Same product: Qualcomm Qam8255P

References