CVE-2024-53028
Published: 03 March 2025
Description
Memory corruption may occur while processing message from frontend during allocation.
Security Summary
CVE-2024-53028 is a memory corruption vulnerability that may occur while processing a message from the frontend during allocation. It is associated with CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition for Allocate/Deallocate). It carries a CVSS v3.1 base score of 7.8 (High), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability affects components in Qualcomm products, as documented in their security advisories.
A local attacker with low privileges can exploit this vulnerability with low complexity and without user interaction. Successful exploitation has high impact on confidentiality, integrity, and availability: unauthorized disclosure of sensitive information, modification of data or system integrity, and denial of service.
Qualcomm's March 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html provides details on affected products and recommended mitigations or patches. Security practitioners should consult this advisory for specific remediation steps tailored to impacted devices.
Details
- CWE(s)