Cyber Posture

CVE-2024-53024

High

Published: 03 March 2025

Modified: 11 August 2025
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (35.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Memory corruption in display driver while detaching a device.

Security Summary

CVE-2024-53024 is a memory corruption vulnerability, classified under CWE-476 (NULL Pointer Dereference), that occurs in the display driver while a device is being detached. It affects Qualcomm components, as detailed in their security bulletin. It has a CVSS v3.1 base score of 7.8 (High) with a local attack vector (AV:L).

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and without user interaction (UI:N). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data corruption, or system crashes; the scope is unchanged (S:U).

Qualcomm's March 2025 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html) lists the affected products and the recommended patches or mitigations.

Details

CWE(s)
CWE-476

Affected Products

Vendor    Product            Versions
qualcomm  qcs6490 firmware   all versions
qualcomm  qcs7230 firmware   all versions
qualcomm  qcs8250 firmware   all versions
qualcomm  qcs8300 firmware   all versions
qualcomm  qcs8550 firmware   all versions
qualcomm  qcs9100 firmware   all versions
qualcomm  qmp1000 firmware   all versions
qualcomm  qrb5165m firmware  all versions
qualcomm  qrb5165n firmware  all versions
qualcomm  qsm8350 firmware   all versions
+156 more product configuration(s) — see NVD for full list

References