CVE-2024-53027

High

Published: 03 March 2025

Modified: 11 August 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0034 (56.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Transient DOS may occur while processing the country IE.

Security Summary

CVE-2024-53027 is a vulnerability that may cause a transient denial-of-service (DoS) condition while processing the country information element (IE). It is associated with CWE-120 (Buffer Copy without Checking Size of Input) and affects components in Qualcomm products.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it can be exploited remotely by an unauthenticated attacker with low attack complexity and no user interaction. Successful exploitation results in high-impact disruption to availability through a transient DoS, with no impact on confidentiality or integrity.

Qualcomm has published details and mitigation guidance in its March 2025 Security Bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html.

Details

CWE(s): CWE-120

Affected Products

qualcomm qca9367 firmware: all versions
qualcomm qca9377 firmware: all versions
qualcomm qcc2073 firmware: all versions
qualcomm qcc2076 firmware: all versions
qualcomm qcc710 firmware: all versions
qualcomm qcm2290 firmware: all versions
qualcomm qcm4290 firmware: all versions
qualcomm qcm5430 firmware: all versions
qualcomm qcm6125 firmware: all versions
qualcomm qcm6490 firmware: all versions
+202 more product configuration(s) — see NVD for full list
