Cyber Posture

CVE-2024-45571

High

Published: 03 February 2025

Published
03 February 2025
Modified
05 February 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 34.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.

Security Summary

CVE-2024-45571 is a memory corruption vulnerability, associated with CWE-416 (Use After Free), that may occur when stopping the WLAN interface after processing a WMI command from the interface. It affects Qualcomm components responsible for WLAN interface management.

The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a local attack vector with low complexity and requiring low privileges, with no user interaction needed and unchanged scope. A local attacker could exploit it to achieve high impacts on confidentiality, integrity, and availability, potentially leading to full system compromise.

Qualcomm has addressed the issue in their February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html.

Details

CWE(s)
CWE-416

Affected Products

qualcomm
ar8035 firmware
all versions
qualcomm
csr8811 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
immersive home 214 firmware
all versions
qualcomm
immersive home 216 firmware
all versions
qualcomm
immersive home 316 firmware
all versions
qualcomm
immersive home 318 firmware
all versions
qualcomm
immersive home 3210 firmware
all versions
+140 more product configuration(s) — see NVD for full list

References