CVE-2024-45541

High

Published: 06 January 2025

Published

06 January 2025

Modified

11 August 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 29.8th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption when IOCTL call is invoked from user-space to read board data.

Security Summary

CVE-2024-45541 is a memory corruption vulnerability classified under CWE-120 (Buffer Copy without Checking Size of Input), triggered when an IOCTL call is invoked from user-space to read board data. It affects Qualcomm components, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-01-06.

A local attacker with low privileges can exploit this issue with low attack complexity and no user interaction. Exploitation allows high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to full system compromise.

Qualcomm's January 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html provides details on affected products and recommended mitigations, including available patches.

Details

CWE(s): CWE-120

Affected Products

qualcomm

aqt1000 firmware

all versions

qualcomm

fastconnect 6200 firmware

all versions

qualcomm

fastconnect 6700 firmware

all versions

qualcomm

fastconnect 6800 firmware

all versions

qualcomm

fastconnect 6900 firmware

all versions

qualcomm

fastconnect 7800 firmware

all versions

qualcomm

qca1062 firmware

all versions

qualcomm

qca1064 firmware

all versions

qualcomm

qca2062 firmware

all versions

qualcomm

qca2064 firmware

all versions

+41 more product configuration(s) — see NVD for full list

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html
Vendor Advisory · product-security@qualcomm.com