CVE-2024-45555

EPSS 0.03%
Published 06.01.2025 11:15:10
Last modified 13.01.2025 21:51:26
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Qam8255p Firmware Version-

Qualcomm ≫ Qam8255p Version-

Qualcomm ≫ Qam8295p Firmware Version-

Qualcomm ≫ Qam8295p Version-

Qualcomm ≫ Qam8620p Firmware Version-

Qualcomm ≫ Qam8620p Version-

Qualcomm ≫ Qam8650p Firmware Version-

Qualcomm ≫ Qam8650p Version-

Qualcomm ≫ Qam8775p Firmware Version-

Qualcomm ≫ Qam8775p Version-

Qualcomm ≫ Qamsrv1h Firmware Version-

Qualcomm ≫ Qamsrv1h Version-

Qualcomm ≫ Qamsrv1m Firmware Version-

Qualcomm ≫ Qamsrv1m Version-

Qualcomm ≫ Qca6564a Firmware Version-

Qualcomm ≫ Qca6564a Version-

Qualcomm ≫ Qca6564au Firmware Version-

Qualcomm ≫ Qca6564au Version-

Qualcomm ≫ Qca6574a Firmware Version-

Qualcomm ≫ Qca6574a Version-

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au Version-

Qualcomm ≫ Qca6584au Firmware Version-

Qualcomm ≫ Qca6584au Version-

Qualcomm ≫ Qca6595 Firmware Version-

Qualcomm ≫ Qca6595 Version-

Qualcomm ≫ Qca6595au Firmware Version-

Qualcomm ≫ Qca6595au Version-

Qualcomm ≫ Qca6688aq Firmware Version-

Qualcomm ≫ Qca6688aq Version-

Qualcomm ≫ Qca6696 Firmware Version-

Qualcomm ≫ Qca6696 Version-

Qualcomm ≫ Qca6698aq Firmware Version-

Qualcomm ≫ Qca6698aq Version-

Qualcomm ≫ Sa6145p Firmware Version-

Qualcomm ≫ Sa6145p Version-

Qualcomm ≫ Sa6150p Firmware Version-

Qualcomm ≫ Sa6150p Version-

Qualcomm ≫ Sa6155 Firmware Version-

Qualcomm ≫ Sa6155 Version-

Qualcomm ≫ Sa6155p Firmware Version-

Qualcomm ≫ Sa6155p Version-

Qualcomm ≫ Sa7255p Firmware Version-

Qualcomm ≫ Sa7255p Version-

Qualcomm ≫ Sa7775p Firmware Version-

Qualcomm ≫ Sa7775p Version-

Qualcomm ≫ Sa8145p Firmware Version-

Qualcomm ≫ Sa8145p Version-

Qualcomm ≫ Sa8150p Firmware Version-

Qualcomm ≫ Sa8150p Version-

Qualcomm ≫ Sa8155 Firmware Version-

Qualcomm ≫ Sa8155 Version-

Qualcomm ≫ Sa8155p Firmware Version-

Qualcomm ≫ Sa8155p Version-

Qualcomm ≫ Sa8195p Firmware Version-

Qualcomm ≫ Sa8195p Version-

Qualcomm ≫ Sa8255p Firmware Version-

Qualcomm ≫ Sa8255p Version-

Qualcomm ≫ Sa8295p Firmware Version-

Qualcomm ≫ Sa8295p Version-

Qualcomm ≫ Sa8540p Firmware Version-

Qualcomm ≫ Sa8540p Version-

Qualcomm ≫ Sa8620p Firmware Version-

Qualcomm ≫ Sa8620p Version-

Qualcomm ≫ Sa8650p Firmware Version-

Qualcomm ≫ Sa8650p Version-

Qualcomm ≫ Sa8770p Firmware Version-

Qualcomm ≫ Sa8770p Version-

Qualcomm ≫ Sa8775p Firmware Version-

Qualcomm ≫ Sa8775p Version-

Qualcomm ≫ Sa9000p Firmware Version-

Qualcomm ≫ Sa9000p Version-

Qualcomm ≫ Snapdragon 820 Automotive Firmware Version-

Qualcomm ≫ Snapdragon 820 Automotive Version-

Qualcomm ≫ Srv1h Firmware Version-

Qualcomm ≫ Srv1h Version-

Qualcomm ≫ Srv1l Firmware Version-

Qualcomm ≫ Srv1l Version-

Qualcomm ≫ Srv1m Firmware Version-

Qualcomm ≫ Srv1m Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.083

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45555

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45555

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45555

EUVD