CVE-2024-45580

EPSS 0.03%
Published 03.03.2025 11:15:12
Last modified 06.03.2025 16:36:34
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Memory corruption while handling multuple IOCTL calls from userspace for remote invocation.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Fastconnect 6900 Firmware Version-

Qualcomm ≫ Fastconnect 6900

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800

Qualcomm ≫ Qmp1000 Firmware Version-

Qualcomm ≫ Qmp1000

Qualcomm ≫ Sdm429w Firmware Version-

Qualcomm ≫ Sdm429w

Qualcomm ≫ Sm8735 Firmware Version-

Qualcomm ≫ Sm8735

Qualcomm ≫ Sm8750 Firmware Version-

Qualcomm ≫ Sm8750

Qualcomm ≫ Sm8750p Firmware Version-

Qualcomm ≫ Sm8750p

Qualcomm ≫ Snapdragon 429 Firmware Version-

Qualcomm ≫ Snapdragon 429

Qualcomm ≫ Snapdragon 8 Gen 3 Firmware Version-

Qualcomm ≫ Snapdragon 8 Gen 3

Qualcomm ≫ Snapdragon Ar1 Gen 1 Firmware Version-

Qualcomm ≫ Snapdragon Ar1 Gen 1

Qualcomm ≫ Snapdragon Ar2 Gen 1 Firmware Version-

Qualcomm ≫ Snapdragon Ar2 Gen 1

Qualcomm ≫ Ssg2115p Firmware Version-

Qualcomm ≫ Ssg2115p

Qualcomm ≫ Ssg2125p Firmware Version-

Qualcomm ≫ Ssg2125p

Qualcomm ≫ Sxr1230p Firmware Version-

Qualcomm ≫ Sxr1230p

Qualcomm ≫ Sxr2230p Firmware Version-

Qualcomm ≫ Sxr2230p

Qualcomm ≫ Sxr2250p Firmware Version-

Qualcomm ≫ Sxr2250p

Qualcomm ≫ Sxr2330p Firmware Version-

Qualcomm ≫ Sxr2330p

Qualcomm ≫ Wcd9378 Firmware Version-

Qualcomm ≫ Wcd9378

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385

Qualcomm ≫ Wcd9390 Firmware Version-

Qualcomm ≫ Wcd9390

Qualcomm ≫ Wcd9395 Firmware Version-

Qualcomm ≫ Wcd9395

Qualcomm ≫ Wcn3620 Firmware Version-

Qualcomm ≫ Wcn3620

Qualcomm ≫ Wcn3660b Firmware Version-

Qualcomm ≫ Wcn3660b

Qualcomm ≫ Wcn3680b Firmware Version-

Qualcomm ≫ Wcn3680b

Qualcomm ≫ Wcn3980 Firmware Version-

Qualcomm ≫ Wcn3980

Qualcomm ≫ Wcn7750 Firmware Version-

Qualcomm ≫ Wcn7750

Qualcomm ≫ Wcn7860 Firmware Version-

Qualcomm ≫ Wcn7860

Qualcomm ≫ Wcn7861 Firmware Version-

Qualcomm ≫ Wcn7861

Qualcomm ≫ Wcn7880 Firmware Version-

Qualcomm ≫ Wcn7880

Qualcomm ≫ Wcn7881 Firmware Version-

Qualcomm ≫ Wcn7881

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830

Qualcomm ≫ Wsa8832 Firmware Version-

Qualcomm ≫ Wsa8832

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835

Qualcomm ≫ Wsa8840 Firmware Version-

Qualcomm ≫ Wsa8840

Qualcomm ≫ Wsa8845 Firmware Version-

Qualcomm ≫ Wsa8845

Qualcomm ≫ Wsa8845h Firmware Version-

Qualcomm ≫ Wsa8845h

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.061

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
product-security@qualcomm.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45580

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45580

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45580

EUVD