CVE-2024-53031
Published: 03 March 2025
Description
Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.
Security Summary
CVE-2024-53031 is a memory corruption vulnerability (CWE-20: Improper Input Validation; CWE-787: Out-of-bounds Write) that occurs while reading a type value from a buffer controlled by the Guest Virtual Machine. Published on 2025-03-03, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects components in Qualcomm products, as referenced in their security bulletin.
A local attacker with low privileges (PR:L) on the affected system can exploit the vulnerability; the attack has low complexity (AC:L) and requires no user interaction (UI:N). With control over the Guest Virtual Machine's buffer, the attacker can trigger memory corruption in the host context, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) and an unchanged security scope (S:U), potentially enabling privilege escalation or arbitrary code execution.
Qualcomm's March 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html details affected products, patch availability, and mitigation guidance for this vulnerability.
Details
- CWE(s)