CVE-2024-53032

March 7, 2025, 11:51 a.m.

7.8
High

Description

Memory corruption may occur in keyboard virtual device due to guest VM interaction.

Product(s) Impacted

Vendor Product Versions
Qualcomm
  • Qam8255p Firmware
  • Qam8255p
  • Qam8295p Firmware
  • Qam8295p
  • Qam8620p Firmware
  • Qam8620p
  • Qam8650p Firmware
  • Qam8650p
  • Qam8775p Firmware
  • Qam8775p
  • Qamsrv1h Firmware
  • Qamsrv1h
  • Qamsrv1m Firmware
  • Qamsrv1m
  • Qca6574au Firmware
  • Qca6574au
  • Qca6595 Firmware
  • Qca6595
  • Qca6595au Firmware
  • Qca6595au
  • Qca6688aq Firmware
  • Qca6688aq
  • Qca6696 Firmware
  • Qca6696
  • Qca6698aq Firmware
  • Qca6698aq
  • Sa7255p Firmware
  • Sa7255p
  • Sa7775p Firmware
  • Sa7775p
  • Sa8255p Firmware
  • Sa8255p
  • Sa8295p Firmware
  • Sa8295p
  • Sa8540p Firmware
  • Sa8540p
  • Sa8620p Firmware
  • Sa8620p
  • Sa8650p Firmware
  • Sa8650p
  • Sa8770p Firmware
  • Sa8770p
  • Sa8775p Firmware
  • Sa8775p
  • Sa9000p Firmware
  • Sa9000p
  • Srv1h Firmware
  • Srv1h
  • Srv1l Firmware
  • Srv1l
  • Srv1m Firmware
  • Srv1m
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qualcomm qam8255p_firmware - / / / / / / /
h qualcomm qam8255p / / / / / / / /
o qualcomm qam8295p_firmware - / / / / / / /
h qualcomm qam8295p / / / / / / / /
o qualcomm qam8620p_firmware - / / / / / / /
h qualcomm qam8620p / / / / / / / /
o qualcomm qam8650p_firmware - / / / / / / /
h qualcomm qam8650p / / / / / / / /
o qualcomm qam8775p_firmware - / / / / / / /
h qualcomm qam8775p / / / / / / / /
o qualcomm qamsrv1h_firmware - / / / / / / /
h qualcomm qamsrv1h / / / / / / / /
o qualcomm qamsrv1m_firmware - / / / / / / /
h qualcomm qamsrv1m / / / / / / / /
o qualcomm qca6574au_firmware - / / / / / / /
h qualcomm qca6574au / / / / / / / /
o qualcomm qca6595_firmware - / / / / / / /
h qualcomm qca6595 / / / / / / / /
o qualcomm qca6595au_firmware - / / / / / / /
h qualcomm qca6595au / / / / / / / /
o qualcomm qca6688aq_firmware - / / / / / / /
h qualcomm qca6688aq / / / / / / / /
o qualcomm qca6696_firmware - / / / / / / /
h qualcomm qca6696 / / / / / / / /
o qualcomm qca6698aq_firmware - / / / / / / /
h qualcomm qca6698aq / / / / / / / /
o qualcomm sa7255p_firmware - / / / / / / /
h qualcomm sa7255p / / / / / / / /
o qualcomm sa7775p_firmware - / / / / / / /
h qualcomm sa7775p / / / / / / / /
o qualcomm sa8255p_firmware - / / / / / / /
h qualcomm sa8255p / / / / / / / /
o qualcomm sa8295p_firmware - / / / / / / /
h qualcomm sa8295p / / / / / / / /
o qualcomm sa8540p_firmware - / / / / / / /
h qualcomm sa8540p / / / / / / / /
o qualcomm sa8620p_firmware - / / / / / / /
h qualcomm sa8620p / / / / / / / /
o qualcomm sa8650p_firmware - / / / / / / /
h qualcomm sa8650p / / / / / / / /
o qualcomm sa8770p_firmware - / / / / / / /
h qualcomm sa8770p / / / / / / / /
o qualcomm sa8775p_firmware - / / / / / / /
h qualcomm sa8775p / / / / / / / /
o qualcomm sa9000p_firmware - / / / / / / /
h qualcomm sa9000p / / / / / / / /
o qualcomm srv1h_firmware - / / / / / / /
h qualcomm srv1h / / / / / / / /
o qualcomm srv1l_firmware - / / / / / / /
h qualcomm srv1l / / / / / / / /
o qualcomm srv1m_firmware - / / / / / / /
h qualcomm srv1m / / / / / / / /

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html

Tags

CWE-367
product-security@qualcomm.com
2025-03-03
CVE-2024-53032

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: March 3, 2025, 11:15 a.m.
Last Modified: March 7, 2025, 11:51 a.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.