CVE-2024-53034
Published: 03 March 2025
Description
Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset.
Security Summary
CVE-2024-53034 is a memory corruption vulnerability that occurs during an Escape call when an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset. It affects Qualcomm software components, as documented in the vendor's security bulletin. The issue is associated with CWE-822 (Untrusted Pointer Dereference) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), and it received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation triggers memory corruption, potentially enabling high-impact outcomes such as unauthorized data access, loss of system integrity, or denial of service through kernel instability.
Qualcomm's March 2025 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html) addresses the vulnerability, providing guidance on affected products and available patches for mitigation. Security practitioners should review the bulletin for specific remediation steps tailored to deployed Qualcomm platforms.
Details
- CWE(s)