CVE-2024-45580

CVE-2024-45580 is a memory corruption vulnerability, classified under CWE-416 (Use After Free), occurring while handling multiple IOCTL calls from userspace for remote invocation. It affects Qualcomm components, as detailed in the vendor's security bulletin. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential from local exploitation.

A local attacker with low privileges can exploit this issue with low complexity and no user interaction required. Successful exploitation enables high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution, data tampering, or system crashes through the memory corruption triggered by the IOCTL handling.

Qualcomm's March 2025 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html) provides details on affected products and recommends applying vendor-supplied patches to mitigate the vulnerability. Security practitioners should review the bulletin for specific firmware or driver updates applicable to their environments.