CVE-2024-53022

High

Published: 03 March 2025

Published

03 March 2025

Modified

06 March 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 35.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption may occur during communication between primary and guest VM.

Security Summary

CVE-2024-53022 is a memory corruption vulnerability that may occur during communication between the primary and guest virtual machines. It is associated with CWE-20 (Improper Input Validation) and CWE-787 (Out-of-bounds Write), carrying a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability affects components detailed in Qualcomm's security documentation.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability through memory corruption.

Qualcomm's March 2025 Security Bulletin provides details on affected products, patches, and mitigation guidance, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html.

Details

CWE(s): CWE-20CWE-787

Affected Products

qualcomm

qam8255p firmware

all versions

qualcomm

qam8295p firmware

all versions

qualcomm

qam8620p firmware

all versions

qualcomm

qam8650p firmware

all versions

qualcomm

qam8775p firmware

all versions

qualcomm

qamsrv1h firmware

all versions

qualcomm

qamsrv1m firmware

all versions

qualcomm

qca6595 firmware

all versions

qualcomm

qca6595au firmware

all versions

qualcomm

qca6696 firmware

all versions

+13 more product configuration(s) — see NVD for full list

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html
Vendor Advisory · product-security@qualcomm.com