Cyber Resilience

CVE-2024-55414

CriticalRCE

Published: 07 January 2025

Published
07 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0009 25.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55414 is a critical-severity Command Injection (CWE-77) vulnerability in Motorola SM56 Modem (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 25.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-55414, published on 2025-01-07, is a vulnerability in the SmSerl64.sys driver of the Motorola SM56 Modem WDM Driver version 6.12.23.0. It enables low-privileged users to map physical memory through specially crafted IOCTL requests. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-77.

Attackers with low privileges can exploit this flaw to escalate privileges, execute code under high-privilege contexts, and disclose sensitive information. The signed nature of these drivers further allows bypassing Microsoft's driver-signing policy, facilitating the deployment of malicious code.

Advisories and additional details are available in the GitHub repository at https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55414/CVE-2024-55414_SmSerl64.sys_README.md and on Motorola's site at https://us.motorola.com/. No specific patch or mitigation guidance is provided in the CVE description.

EU & UK References

Vulnerability details

A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and…

more

information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1553.002 Code Signing Defense Impairment
Adversaries may create, acquire, or steal code signing materials to sign their malware or tools.
Why these techniques?

Vulnerability directly enables user-mode physical memory mapping via IOCTL for privilege escalation (T1068) and leverages signed driver status to bypass code signing enforcement (T1553.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-46662Shared CWE-77
CVE-2026-23862Shared CWE-77
CVE-2025-64671Shared CWE-77
CVE-2026-40698Shared CWE-77
CVE-2025-55125Shared CWE-77
CVE-2026-41953Shared CWE-77
CVE-2026-30898Shared CWE-77
CVE-2026-38707Shared CWE-77
CVE-2024-53412Shared CWE-77
CVE-2026-3517Shared CWE-77

Affected Assets

Motorola
SM56 Modem
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements memory protection mechanisms that directly prevent low-privileged users from mapping physical memory via vulnerable kernel drivers like SmSerl64.sys.

prevent

Requires validation of IOCTL inputs to block specially crafted requests that enable physical memory mapping, privilege escalation, and information disclosure.

prevent

Enforces least functionality by disabling or removing unnecessary vulnerable drivers such as SmSerl64.sys, eliminating the attack surface for BYOVD exploitation.

References