CVE-2024-45542

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption when a user-space application makes a specific IOCTL call to write board data to the WLAN driver. Attackers could potentially execute arbitrary code or cause system crashes. Affects systems using Qualcomm WLAN drivers with vulnerable IOCTL handlers.

💻 Affected Systems

Products:
  • Qualcomm WLAN drivers
Versions: Specific versions not detailed in reference; check Qualcomm advisory for exact affected versions.
Operating Systems: Android, Linux, Windows (systems using Qualcomm WLAN hardware)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the driver's IOCTL handler; exploitation requires ability to call the vulnerable IOCTL from user-space.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel mode, leading to full system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Local denial of service (system crash/BSOD) or limited privilege escalation within the user context.

🟢 If Mitigated

No impact if proper access controls prevent unprivileged users from making IOCTL calls to the driver.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Malicious local users or compromised applications could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of driver internals and memory layout; local access needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific patched driver versions.

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html

Restart Required: No

Instructions:

1. Review Qualcomm security bulletin for affected driver versions.
2. Obtain updated driver from device manufacturer or Qualcomm.
3. Install updated driver following vendor instructions.
4. Verify driver version after update.

🔧 Temporary Workarounds

Restrict IOCTL access (platform: all)

Use operating system security policies to restrict which users/applications can make IOCTL calls to the WLAN driver.

Platform-specific: Use SELinux/AppArmor policies on Linux, or Windows security descriptors.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can interact with WLAN driver interfaces.
  • Monitor for unusual driver activity or crashes that might indicate exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check WLAN driver version against Qualcomm's advisory; examine system logs for IOCTL-related errors.

Check Version:

Platform-specific: On Linux, use 'modinfo wlan_driver_module' or similar, substituting the name of the WLAN driver module actually loaded on the system; on Windows, check driver properties in Device Manager.

Verify Fix Applied:

Verify driver version matches patched version from Qualcomm bulletin; test IOCTL functionality if possible.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs, driver crash dumps, unusual IOCTL calls to WLAN driver in system logs.

Network Indicators:

  • None directly; exploitation is local.

SIEM Query:

Search for events related to WLAN driver crashes or privileged IOCTL calls from non-trusted processes.
