CVE-2024-45547
Published: 06 January 2025
Description
Memory corruption while processing IOCTL call invoked from user-space to verify non-extension FIPS encryption and decryption functionality.
Security Summary
CVE-2024-45547 is a memory corruption vulnerability (CWE-120) that occurs during processing of an IOCTL call invoked from user-space to verify non-extension FIPS encryption and decryption functionality. It affects Qualcomm components, as documented in their January 2025 security bulletin. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential, with low attack complexity and low privileges required.
Local attackers with low privileges (PR:L) can exploit this by sending a specially crafted IOCTL call from user-space, triggering a buffer copy that does not check the size of its input. Successful exploitation has high confidentiality, integrity, and availability impact, potentially allowing arbitrary code execution, privilege escalation, or system crashes on affected Qualcomm devices.
Qualcomm's January 2025 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html) advises applying the provided firmware or software updates to remediate the issue. No further mitigation details are available from the referenced advisory.
Details
- CWE(s)