CVE-2024-53029

CVE-2024-53029 is a memory corruption vulnerability stemming from improper input validation (CWE-20) and out-of-bounds write (CWE-787) when reading a value from a buffer controlled by a Guest Virtual Machine. It affects Qualcomm components, as detailed in the March 2025 security bulletin. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high potential impact on confidentiality, integrity, and availability.

An attacker with local access and low privileges on the host system can exploit this issue with low complexity and no user interaction required. By controlling the Guest Virtual Machine's buffer, the attacker can trigger memory corruption on the host, potentially leading to arbitrary code execution, data tampering, or system crashes within the affected scope.

Qualcomm's March 2025 security bulletin provides details on the vulnerability, including affected products and recommended patches; practitioners should consult https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html for mitigation guidance and updates.