Cyber Posture

CVE-2024-43064

High

Published: 06 January 2025

Published
06 January 2025
Modified
13 January 2025
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0006 18.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.

Security Summary

CVE-2024-43064 is a vulnerability that causes uncontrolled resource consumption when a driver, an application, or an SMMU client attempts to access global registers through the SMMU. Published on 2025-01-06, it is associated with CWE-264 (Permissions, Privileges, and Access Control) and CWE-770 (Allocation of Resources Without Limits or Throttling). The issue affects components in Qualcomm products, as referenced in their security documentation.

Exploitation requires local access (AV:L), high attack complexity (AC:H), and high privileges (PR:H), with no user interaction (UI:N). A successful attack changes scope (S:C) and achieves high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), resulting in a CVSS v3.1 base score of 7.5.

Qualcomm's January 2025 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html) details the vulnerability and associated mitigations or patches.

Details

CWE(s)
CWE-264CWE-770

Affected Products

qualcomm
qam8255p firmware
all versions
qualcomm
qam8295p firmware
all versions
qualcomm
qam8620p firmware
all versions
qualcomm
qam8650p firmware
all versions
qualcomm
qam8775p firmware
all versions
qualcomm
qamsrv1h firmware
all versions
qualcomm
qamsrv1m firmware
all versions
qualcomm
qca6574au firmware
all versions
qualcomm
qca6595 firmware
all versions
qualcomm
qca6595au firmware
all versions
+20 more product configuration(s) — see NVD for full list

References