CVE-2024-45550
Published: 06 January 2025
Description
Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls.
Security Summary
CVE-2024-45550 is a memory corruption vulnerability in the MCDM driver within Qualcomm components, classified under CWE-129 (Improper Validation of Array Index). It occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on January 6, 2025.
A local attacker with low privileges can exploit this vulnerability with low complexity and without user interaction. Successful exploitation has high-impact consequences, including unauthorized access to confidential data, loss of system integrity, and disruption of availability, potentially leading to full system compromise.
Qualcomm's January 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html, provides details on affected products and recommended mitigations or patches.
Details
- CWE(s)