CVE-2024-53033
Published: 03 March 2025
Summary
CVE-2024-53033 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 30.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of user-provided buffer addresses in kernel Escape calls to prevent untrusted pointer dereference and memory corruption.
Implements memory safeguards like address space isolation and protections against unauthorized access to mitigate corruption from invalid kernel pointer usage.
Mandates timely flaw remediation through vendor patches specifically addressing this memory corruption vulnerability in Qualcomm products.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local memory corruption via invalid kernel pointer dereference directly enables privilege escalation to arbitrary code execution or full system compromise.
NVD Description
Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address.
Deeper analysisAI
CVE-2024-53033 is a memory corruption vulnerability that occurs during an Escape call when a user provides a valid kernel address in place of a valid user buffer address. It affects Qualcomm products, as detailed in the vendor's security bulletin. The issue is associated with CWE-822 (Untrusted Pointer Dereference) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on March 3, 2025.
A local attacker with low privileges can exploit this vulnerability by supplying a valid kernel address during an Escape call, triggering memory corruption. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution or system compromise within the affected scope.
For mitigation details, including patches and affected product versions, refer to the Qualcomm March 2025 Security Bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html.
Details
- CWE(s)