CVE-2024-21464

CVE-2024-21464 is a memory corruption vulnerability (CWE-120) that occurs while processing IPA statistics when there are no active clients registered. It affects Qualcomm software components, as detailed in the vendor's security bulletin. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A local attacker with no privileges can exploit this vulnerability through low-complexity means without requiring user interaction. Successful exploitation enables high-impact outcomes, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to arbitrary code execution or system compromise.

Qualcomm's January 2025 security bulletin provides details on affected products and recommends applying the available patches or updates to mitigate the issue, accessible at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html.