CVE-2024-45582

High

Published: 03 February 2025

Published

03 February 2025

Modified

05 February 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 34.6th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption while validating number of devices in Camera kernel .

Security Summary

CVE-2024-45582 is a memory corruption vulnerability that occurs while validating the number of devices in the Camera kernel. It is linked to CWE-129 (Improper Validation of Array Index) and affects Qualcomm components, as documented in their security resources.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it through low-complexity means without user interaction, potentially achieving high impacts on confidentiality, integrity, and availability, such as full system compromise via memory corruption.

Qualcomm's February 2025 security bulletin provides details on affected products and mitigation: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html.

Details

CWE(s): CWE-129

Affected Products

qualcomm

fastconnect 6900 firmware

all versions

qualcomm

fastconnect 7800 firmware

all versions

qualcomm

qcm8550 firmware

all versions

qualcomm

qcs6490 firmware

all versions

qualcomm

video collaboration vc3 platform firmware

all versions

qualcomm

sm6650 firmware

all versions

qualcomm

sm7635 firmware

all versions

qualcomm

sm7675 firmware

all versions

qualcomm

sm7675p firmware

all versions

qualcomm

sm8550p firmware

all versions

+24 more product configuration(s) — see NVD for full list

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html
Patch, Vendor Advisory · product-security@qualcomm.com