CVE-2024-45542
Published: 06 January 2025
Description
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
Security Summary
CVE-2024-45542 is a memory corruption vulnerability triggered when an IOCTL call is invoked from user-space to write board data to the WLAN driver. It is associated with CWE-121 (stack-based buffer overflow) and CWE-787 (out-of-bounds write) and affects Qualcomm WLAN drivers. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-06.
A local attacker with low privileges can exploit this issue by sending a crafted IOCTL call to the WLAN driver from user-space. Successful exploitation corrupts memory, with high impact on confidentiality, integrity, and availability; possible outcomes include arbitrary code execution or system denial of service.
Qualcomm's January 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html provides details on mitigation, including affected products and recommended patches.
Details
- CWE(s)