CVE-2024-45548
Published: 06 January 2025
Description
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.
Security Summary
CVE-2024-45548 is a memory corruption vulnerability, associated with CWE-126 and CWE-125, that occurs while processing FIPS encryption or decryption validation functionality in an IOCTL call. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects Qualcomm components, as documented in their security resources.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and without user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability: unauthorized access to sensitive data, unauthorized modification of the system, and disruption of availability.
Qualcomm has published details on mitigations in their January 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html. Security practitioners should consult this advisory for patch information and recommended actions.
Details
- CWE(s)