CVE-2024-53032

High

Published: 03 March 2025

Published

03 March 2025

Modified

07 March 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0009 24.7th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption may occur in keyboard virtual device due to guest VM interaction.

Security Summary

CVE-2024-53032 is a memory corruption vulnerability (CWE-367) in the keyboard virtual device triggered by guest VM interactions. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on March 3, 2025. The issue affects components in Qualcomm products, as outlined in their security advisories.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Exploitation leads to memory corruption, enabling high-impact consequences including unauthorized data disclosure, modification, and denial of service within the affected scope.

Qualcomm's March 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html details patches and mitigation guidance for addressing this vulnerability.

Details

CWE(s): CWE-367

Affected Products

qualcomm

qam8255p firmware

all versions

qualcomm

qam8295p firmware

all versions

qualcomm

qam8620p firmware

all versions

qualcomm

qam8650p firmware

all versions

qualcomm

qam8775p firmware

all versions

qualcomm

qamsrv1h firmware

all versions

qualcomm

qamsrv1m firmware

all versions

qualcomm

qca6574au firmware

all versions

qualcomm

qca6595 firmware

all versions

qualcomm

qca6595au firmware

all versions

+16 more product configuration(s) — see NVD for full list

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html
Vendor Advisory · product-security@qualcomm.com