Cyber Posture

CVE-2024-45569

Critical

Published: 03 February 2025

Modified: 05 February 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0058 (69.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Security Summary

CVE-2024-45569 is a memory corruption vulnerability caused by improper validation of an array index (CWE-129) while parsing an ML IE that contains invalid frame content. It affects components in Qualcomm products, as documented in the vendor's February 2025 security bulletin.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating that it is exploitable over the network by unauthenticated attackers, with low attack complexity and no user interaction. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, such as arbitrary code execution or system compromise.

Qualcomm's February 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html details affected products and provides guidance on patches or mitigations. Security practitioners should consult this advisory for specific remediation steps.

Details

CWE(s)
CWE-129

Affected Products

qualcomm ar8035 firmware: all versions
qualcomm csr8811 firmware: all versions
qualcomm fastconnect 6700 firmware: all versions
qualcomm fastconnect 6900 firmware: all versions
qualcomm fastconnect 7800 firmware: all versions
qualcomm immersive home 214 firmware: all versions
qualcomm immersive home 216 firmware: all versions
qualcomm immersive home 316 firmware: all versions
qualcomm immersive home 318 firmware: all versions
qualcomm immersive home 3210 firmware: all versions
+164 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A memory corruption vulnerability in the parsing of a malformed ML IE in wireless frames enables remote exploitation for privilege escalation (e.g., kernel/driver RCE) or endpoint denial of service via an application or system crash.
