CVE-2024-53012

High

Published: 03 March 2025

Published

03 March 2025

Modified

06 March 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 29.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption may occur due to improper input validation in clock device.

Security Summary

CVE-2024-53012 is a memory corruption vulnerability stemming from improper input validation (CWE-20) in the clock device, potentially leading to out-of-bounds writes (CWE-787). It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-03. The vulnerability affects components in Qualcomm products, as referenced in their security documentation.

A local attacker with low privileges can exploit this issue with low attack complexity and no user interaction required. Successful exploitation may result in high impacts to confidentiality, integrity, and availability, such as arbitrary code execution or system crashes through memory corruption in the clock device.

Qualcomm's March 2025 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html) details affected products and provides guidance on patches and mitigations for this vulnerability.

Details

CWE(s): CWE-20CWE-787

Affected Products

qualcomm

qam8255p firmware

all versions

qualcomm

qam8295p firmware

all versions

qualcomm

qam8620p firmware

all versions

qualcomm

qam8650p firmware

all versions

qualcomm

qam8775p firmware

all versions

qualcomm

qamsrv1h firmware

all versions

qualcomm

qamsrv1m firmware

all versions

qualcomm

qca6574au firmware

all versions

qualcomm

qca6595 firmware

all versions

qualcomm

qca6595au firmware

all versions

+16 more product configuration(s) — see NVD for full list

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html
Vendor Advisory · product-security@qualcomm.com