CVE-2024-53011
Published: 03 March 2025
Description
Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
Security Summary
CVE-2024-53011 is an information disclosure vulnerability stemming from improper permission and access controls in the Video Analytics engine. It affects Qualcomm components, as detailed in the vendor's security bulletin. The issue is rated with a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) and is associated with CWE-264 (Permissions, Privileges, and Access Controls) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability was published on March 3, 2025.
Exploitation requires local access (AV:L), has low attack complexity (AC:L), requires high privileges (PR:H), and needs no user interaction (UI:N). The scope is changed (S:C), meaning the impact extends beyond the vulnerable component itself, with high confidentiality (C:H) and integrity (I:H) impact and no availability impact (A:N). A privileged local attacker could leverage the flawed controls to disclose sensitive information from the Video Analytics engine and potentially modify data.
For mitigation details, refer to the Qualcomm March 2025 Security Bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html, which provides guidance on patches and workarounds.
Details
- CWE(s)