Cyber Posture

CVE-2024-45584

High

Published: 03 February 2025

Published
03 February 2025
Modified
05 February 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.

Security Summary

CVE-2024-45584 is a memory corruption vulnerability associated with CWE-822 (Untrusted Pointer Dereference) and CWE-119 (Buffer Overflow). It occurs when a compatibility IOCTL call is followed by a normal IOCTL call from userspace. The vulnerability affects Qualcomm products, as outlined in their February 2025 security bulletin, and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It was published on 2025-02-03.

A local attacker with low privileges can exploit this issue with low attack complexity and no user interaction. Exploitation leads to high impacts on confidentiality, integrity, and availability, enabling potential arbitrary code execution, data tampering, or denial of service within the affected system scope.

The Qualcomm February 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html provides details on mitigation, including identification of affected products and recommended patches or updates.

Details

CWE(s)
CWE-822CWE-119

Affected Products

qualcomm
ar8035 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qam8255p firmware
all versions
qualcomm
qam8295p firmware
all versions
qualcomm
qam8620p firmware
all versions
qualcomm
qam8650p firmware
all versions
qualcomm
qam8775p firmware
all versions
qualcomm
qamsrv1h firmware
all versions
+114 more product configuration(s) — see NVD for full list

References