CVE-2024-43055

High

Published: 03 March 2025

Published

03 March 2025

Modified

06 March 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0004 12.6th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption while processing camera use case IOCTL call.

Security Summary

CVE-2024-43055 is a memory corruption vulnerability (CWE-120) triggered during the processing of camera use case IOCTL calls in Qualcomm components. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high potential impact with local access required.

A local attacker possessing low privileges can exploit this issue with low attack complexity and without requiring user interaction. Exploitation enables high confidentiality, integrity, and availability impacts, such as unauthorized data access, modification, or denial of service through memory corruption.

Qualcomm's March 2025 Security Bulletin provides details on affected products, patches, and mitigation guidance; see https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html for implementation steps.

Details

CWE(s): CWE-120

Affected Products

qualcomm

fastconnect 6900 firmware

all versions

qualcomm

fastconnect 7800 firmware

all versions

qualcomm

sdm429w firmware

all versions

qualcomm

snapdragon 429 firmware

all versions

qualcomm

snapdragon 8 gen 1 firmware

all versions

qualcomm

sxr2230p firmware

all versions

qualcomm

sxr2250p firmware

all versions

qualcomm

wcd9380 firmware

all versions

qualcomm

wcd9385 firmware

all versions

qualcomm

wcn3620 firmware

all versions

+4 more product configuration(s) — see NVD for full list

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html
Vendor Advisory · product-security@qualcomm.com