CVE-2024-45560

CVE-2024-45560 is a memory corruption vulnerability that occurs while taking a snapshot with a hardware encoder due to an unvalidated userspace buffer. It affects Qualcomm components, as detailed in the vendor's security bulletin. The issue is classified under CWE-367 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with potential for significant impact on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation could lead to high-impact outcomes, including unauthorized data access, modification, or system disruption, stemming from the memory corruption triggered by the unvalidated buffer during hardware encoder snapshot operations.

Qualcomm has addressed this issue in their February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, which provides details on affected products and recommended patches or mitigations for security practitioners to apply.