CVE-2024-53033

CVE-2024-53033 is a memory corruption vulnerability that occurs during an Escape call when a user provides a valid kernel address in place of a valid user buffer address. It affects Qualcomm products, as detailed in the vendor's security bulletin. The issue is associated with CWE-822 (Untrusted Pointer Dereference) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on March 3, 2025.

A local attacker with low privileges can exploit this vulnerability by supplying a valid kernel address during an Escape call, triggering memory corruption. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution or system compromise within the affected scope.

For mitigation details, including patches and affected product versions, refer to the Qualcomm March 2025 Security Bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html.