CVE-2024-45546

CVE-2024-45546 is a memory corruption vulnerability stemming from improper handling of FIPS encryption or decryption IOCTL calls invoked from user-space. It affects Qualcomm components, as detailed in their security bulletin, and is associated with CWE-126 (Buffer Over-read) and CWE-125 (Out-of-bounds Read). The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.

A local attacker with low privileges, such as a standard user on the affected system, can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation triggers memory corruption, potentially allowing arbitrary code execution, data tampering, or system crashes within the context of the vulnerable component.

Qualcomm has addressed this issue in their January 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html, which provides details on affected products and recommended patches or mitigations for security practitioners.