SecuriTricks - CVE-2024-45541

Description

Memory corruption when IOCTL call is invoked from user-space to read board data.

Product(s) Impacted

Vendor	Product	Versions
Qualcomm	Aqt1000 Firmware Aqt1000 Fastconnect 6200 Firmware Fastconnect 6200 Fastconnect 6700 Firmware Fastconnect 6700 Fastconnect 6800 Firmware Fastconnect 6800 Fastconnect 6900 Firmware Fastconnect 6900 Fastconnect 7800 Firmware Fastconnect 7800 Qca1062 Firmware Qca1062 Qca1064 Firmware Qca1064 Qca2062 Firmware Qca2062 Qca2064 Firmware Qca2064 Qca2065 Firmware Qca2065 Qca2066 Firmware Qca2066 Qca6391 Firmware Qca6391 Qca6420 Firmware Qca6420 Qca6430 Firmware Qca6430 Qca6595au Firmware Qca6595au Qcc2073 Firmware Qcc2073 Qcc2076 Firmware Qcc2076 Qcm5430 Firmware Qcm5430 Qcm6490 Firmware Qcm6490 Qcn7605 Firmware Qcn7605 Qcn7606 Firmware Qcn7606 Qcs5430 Firmware Qcs5430 Qcs6490 Firmware Qcs6490 Video Collaboration Vc3 Firmware Video Collaboration Vc3 Sc8180x\+sdx55 Firmware Sc8180x\+sdx55 Sc8380xp Firmware Sc8380xp Sm6250 Firmware Sm6250 Snapdragon 7c Compute Platform Firmware Snapdragon 7c Compute Platform Snapdragon 7c Gen 2 Compute Platform Firmware Snapdragon 7c Gen 2 Compute Platform Snapdragon 7c\+ Gen 3 Compute Firmware Snapdragon 7c\+ Gen 3 Compute Sc8180x-ad Firmware Sc8180x-ad Sc8180xp-ad Firmware Sc8180xp-ad Sc8180x-aaab Firmware Sc8180x-aaab Sc8180xp-acaf Firmware Sc8180xp-acaf Sc8180x-acaf Firmware Sc8180x-acaf Sc8180xp-aaab Firmware Sc8180xp-aaab Sc8280xp-abbb Firmware Sc8280xp-abbb Wcd9340 Firmware Wcd9340 Wcd9341 Firmware Wcd9341 Wcd9370 Firmware Wcd9370 Wcd9375 Firmware Wcd9375 Wcd9380 Firmware Wcd9380 Wcd9385 Firmware Wcd9385 Wsa8810 Firmware Wsa8810 Wsa8815 Firmware Wsa8815 Wsa8830 Firmware Wsa8830 Wsa8835 Firmware Wsa8835 Wsa8840 Firmware Wsa8840 Wsa8845 Firmware Wsa8845 Wsa8845h Firmware Wsa8845h	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Weaknesses

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	qualcomm	aqt1000_firmware	-	/	/	/	/	/	/	/
h	qualcomm	aqt1000	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_6200_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_6200	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_6700_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_6700	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_6800_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_6800	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_6900_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_6900	-	/	/	/	/	/	/	/
o	qualcomm	fastconnect_7800_firmware	-	/	/	/	/	/	/	/
h	qualcomm	fastconnect_7800	-	/	/	/	/	/	/	/
o	qualcomm	qca1062_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca1062	-	/	/	/	/	/	/	/
o	qualcomm	qca1064_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca1064	-	/	/	/	/	/	/	/
o	qualcomm	qca2062_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca2062	-	/	/	/	/	/	/	/
o	qualcomm	qca2064_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca2064	-	/	/	/	/	/	/	/
o	qualcomm	qca2065_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca2065	-	/	/	/	/	/	/	/
o	qualcomm	qca2066_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca2066	-	/	/	/	/	/	/	/
o	qualcomm	qca6391_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6391	-	/	/	/	/	/	/	/
o	qualcomm	qca6420_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6420	-	/	/	/	/	/	/	/
o	qualcomm	qca6430_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6430	-	/	/	/	/	/	/	/
o	qualcomm	qca6595au_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qca6595au	-	/	/	/	/	/	/	/
o	qualcomm	qcc2073_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qcc2073	-	/	/	/	/	/	/	/
o	qualcomm	qcc2076_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qcc2076	-	/	/	/	/	/	/	/
o	qualcomm	qcm5430_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qcm5430	-	/	/	/	/	/	/	/
o	qualcomm	qcm6490_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qcm6490	-	/	/	/	/	/	/	/
o	qualcomm	qcn7605_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qcn7605	-	/	/	/	/	/	/	/
o	qualcomm	qcn7606_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qcn7606	-	/	/	/	/	/	/	/
o	qualcomm	qcs5430_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qcs5430	-	/	/	/	/	/	/	/
o	qualcomm	qcs6490_firmware	-	/	/	/	/	/	/	/
h	qualcomm	qcs6490	-	/	/	/	/	/	/	/
o	qualcomm	video_collaboration_vc3_firmware	-	/	/	/	/	/	/	/
h	qualcomm	video_collaboration_vc3	-	/	/	/	/	/	/	/
o	qualcomm	sc8180x\+sdx55_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8180x\+sdx55	-	/	/	/	/	/	/	/
o	qualcomm	sc8380xp_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8380xp	-	/	/	/	/	/	/	/
o	qualcomm	sm6250_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sm6250	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_7c_compute_platform_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_7c_compute_platform	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_7c_gen_2_compute_platform_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_7c_gen_2_compute_platform	-	/	/	/	/	/	/	/
o	qualcomm	snapdragon_7c\+_gen_3_compute_firmware	-	/	/	/	/	/	/	/
h	qualcomm	snapdragon_7c\+_gen_3_compute	-	/	/	/	/	/	/	/
o	qualcomm	sc8180x-ad_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8180x-ad	-	/	/	/	/	/	/	/
o	qualcomm	sc8180xp-ad_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8180xp-ad	-	/	/	/	/	/	/	/
o	qualcomm	sc8180x-aaab_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8180x-aaab	-	/	/	/	/	/	/	/
o	qualcomm	sc8180xp-acaf_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8180xp-acaf	-	/	/	/	/	/	/	/
o	qualcomm	sc8180x-acaf_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8180x-acaf	-	/	/	/	/	/	/	/
o	qualcomm	sc8180xp-aaab_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8180xp-aaab	-	/	/	/	/	/	/	/
o	qualcomm	sc8280xp-abbb_firmware	-	/	/	/	/	/	/	/
h	qualcomm	sc8280xp-abbb	-	/	/	/	/	/	/	/
o	qualcomm	wcd9340_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9340	-	/	/	/	/	/	/	/
o	qualcomm	wcd9341_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9341	-	/	/	/	/	/	/	/
o	qualcomm	wcd9370_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9370	-	/	/	/	/	/	/	/
o	qualcomm	wcd9375_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9375	-	/	/	/	/	/	/	/
o	qualcomm	wcd9380_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9380	-	/	/	/	/	/	/	/
o	qualcomm	wcd9385_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wcd9385	-	/	/	/	/	/	/	/
o	qualcomm	wsa8810_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8810	-	/	/	/	/	/	/	/
o	qualcomm	wsa8815_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8815	-	/	/	/	/	/	/	/
o	qualcomm	wsa8830_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8830	-	/	/	/	/	/	/	/
o	qualcomm	wsa8835_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8835	-	/	/	/	/	/	/	/
o	qualcomm	wsa8840_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8840	-	/	/	/	/	/	/	/
o	qualcomm	wsa8845_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8845	-	/	/	/	/	/	/	/
o	qualcomm	wsa8845h_firmware	-	/	/	/	/	/	/	/
h	qualcomm	wsa8845h	-	/	/	/	/	/	/	/

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html

CVSS Score

7.8 / 10

CVSS Data

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Date

Published: Jan. 6, 2025, 11:15 a.m.
Last Modified: Jan. 13, 2025, 9:50 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

CVE-2024-45541