CVE-2024-53014

High

Published: 03 March 2025

Published

03 March 2025

Modified

11 August 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0016 35.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption may occur while validating ports and channels in Audio driver.

Security Summary

CVE-2024-53014 is a memory corruption vulnerability that may occur while validating ports and channels in the Audio driver. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-129 (Improper Validation of Array Index). The issue was published on 2025-03-03.

A local attacker with low privileges can exploit the vulnerability through low-complexity means with no user interaction required. Exploitation leads to high impacts on confidentiality, integrity, and availability.

Qualcomm's March 2025 Security Bulletin provides details on mitigation, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html.

Details

CWE(s): CWE-129

Affected Products

qualcomm

sm6370 firmware

all versions

qualcomm

sm6650 firmware

all versions

qualcomm

sm7250p firmware

all versions

qualcomm

sm7315 firmware

all versions

qualcomm

sm7325p firmware

all versions

qualcomm

sm7635 firmware

all versions

qualcomm

sm7675 firmware

all versions

qualcomm

sm7675p firmware

all versions

qualcomm

sm8550p firmware

all versions

qualcomm

sm8635 firmware

all versions

+241 more product configuration(s) — see NVD for full list

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html
Patch, Vendor Advisory · product-security@qualcomm.com