CVE-2024-53031

March 7, 2025, 11:52 a.m.

7.8
High

Description

Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine.

Product(s) Impacted

Vendor Product Versions
Qualcomm
  • Qam8255p Firmware
  • Qam8255p
  • Qam8295p Firmware
  • Qam8295p
  • Qam8620p Firmware
  • Qam8620p
  • Qam8650p Firmware
  • Qam8650p
  • Qam8775p Firmware
  • Qam8775p
  • Qamsrv1h Firmware
  • Qamsrv1h
  • Qamsrv1m Firmware
  • Qamsrv1m
  • Qca6574au Firmware
  • Qca6574au
  • Qca6595 Firmware
  • Qca6595
  • Qca6595au Firmware
  • Qca6595au
  • Qca6688aq Firmware
  • Qca6688aq
  • Qca6696 Firmware
  • Qca6696
  • Qca6698aq Firmware
  • Qca6698aq
  • Sa7255p Firmware
  • Sa7255p
  • Sa7775p Firmware
  • Sa7775p
  • Sa8255p Firmware
  • Sa8255p
  • Sa8295p Firmware
  • Sa8295p
  • Sa8540p Firmware
  • Sa8540p
  • Sa8620p Firmware
  • Sa8620p
  • Sa8650p Firmware
  • Sa8650p
  • Sa8770p Firmware
  • Sa8770p
  • Sa8775p Firmware
  • Sa8775p
  • Sa9000p Firmware
  • Sa9000p
  • Srv1h Firmware
  • Srv1h
  • Srv1l Firmware
  • Srv1l
  • Srv1m Firmware
  • Srv1m
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qualcomm qam8255p_firmware - / / / / / / /
h qualcomm qam8255p / / / / / / / /
o qualcomm qam8295p_firmware - / / / / / / /
h qualcomm qam8295p / / / / / / / /
o qualcomm qam8620p_firmware - / / / / / / /
h qualcomm qam8620p / / / / / / / /
o qualcomm qam8650p_firmware - / / / / / / /
h qualcomm qam8650p / / / / / / / /
o qualcomm qam8775p_firmware - / / / / / / /
h qualcomm qam8775p / / / / / / / /
o qualcomm qamsrv1h_firmware - / / / / / / /
h qualcomm qamsrv1h / / / / / / / /
o qualcomm qamsrv1m_firmware - / / / / / / /
h qualcomm qamsrv1m / / / / / / / /
o qualcomm qca6574au_firmware - / / / / / / /
h qualcomm qca6574au / / / / / / / /
o qualcomm qca6595_firmware - / / / / / / /
h qualcomm qca6595 / / / / / / / /
o qualcomm qca6595au_firmware - / / / / / / /
h qualcomm qca6595au / / / / / / / /
o qualcomm qca6688aq_firmware - / / / / / / /
h qualcomm qca6688aq / / / / / / / /
o qualcomm qca6696_firmware - / / / / / / /
h qualcomm qca6696 / / / / / / / /
o qualcomm qca6698aq_firmware - / / / / / / /
h qualcomm qca6698aq / / / / / / / /
o qualcomm sa7255p_firmware - / / / / / / /
h qualcomm sa7255p / / / / / / / /
o qualcomm sa7775p_firmware - / / / / / / /
h qualcomm sa7775p / / / / / / / /
o qualcomm sa8255p_firmware - / / / / / / /
h qualcomm sa8255p / / / / / / / /
o qualcomm sa8295p_firmware - / / / / / / /
h qualcomm sa8295p / / / / / / / /
o qualcomm sa8540p_firmware - / / / / / / /
h qualcomm sa8540p / / / / / / / /
o qualcomm sa8620p_firmware - / / / / / / /
h qualcomm sa8620p / / / / / / / /
o qualcomm sa8650p_firmware - / / / / / / /
h qualcomm sa8650p / / / / / / / /
o qualcomm sa8770p_firmware - / / / / / / /
h qualcomm sa8770p / / / / / / / /
o qualcomm sa8775p_firmware - / / / / / / /
h qualcomm sa8775p / / / / / / / /
o qualcomm sa9000p_firmware - / / / / / / /
h qualcomm sa9000p / / / / / / / /
o qualcomm srv1h_firmware - / / / / / / /
h qualcomm srv1h / / / / / / / /
o qualcomm srv1l_firmware - / / / / / / /
h qualcomm srv1l / / / / / / / /
o qualcomm srv1m_firmware - / / / / / / /
h qualcomm srv1m / / / / / / / /

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html

Tags

CWE-20
CWE-787
product-security@qualcomm.com
2025-03-03
CVE-2024-53031

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: March 3, 2025, 11:15 a.m.
Last Modified: March 7, 2025, 11:52 a.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.