CVE-2024-55414

CriticalRCE

Published: 07 January 2025

Published

07 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0009 25.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55414 is a critical-severity Command Injection (CWE-77) vulnerability in Motorola SM56 Modem (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 25.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms that directly prevent low-privileged users from mapping physical memory via vulnerable kernel drivers like SmSerl64.sys.

SI-10 Information Input Validation good match

prevent

Requires validation of IOCTL inputs to block specially crafted requests that enable physical memory mapping, privilege escalation, and information disclosure.

CM-7 Least Functionality good match

prevent

Enforces least functionality by disabling or removing unnecessary vulnerable drivers such as SmSerl64.sys, eliminating the attack surface for BYOVD exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1553.002 Code Signing Defense Impairment

Adversaries may create, acquire, or steal code signing materials to sign their malware or tools.

attack.mitre.org →

Why these techniques?

Vulnerability directly enables user-mode physical memory mapping via IOCTL for privilege escalation (T1068) and leverages signed driver status to bypass code signing enforcement (T1553.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and…

information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.

Deeper analysisAI

CVE-2024-55414, published on 2025-01-07, is a vulnerability in the SmSerl64.sys driver of the Motorola SM56 Modem WDM Driver version 6.12.23.0. It enables low-privileged users to map physical memory through specially crafted IOCTL requests. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-77.

Attackers with low privileges can exploit this flaw to escalate privileges, execute code under high-privilege contexts, and disclose sensitive information. The signed nature of these drivers further allows bypassing Microsoft's driver-signing policy, facilitating the deployment of malicious code.

Advisories and additional details are available in the GitHub repository at https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55414/CVE-2024-55414_SmSerl64.sys_README.md and on Motorola's site at https://us.motorola.com/. No specific patch or mitigation guidance is provided in the CVE description.