CVE-2024-45560

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm hardware encoders when taking snapshots due to unvalidated userspace buffers. Attackers could potentially execute arbitrary code or cause denial of service. This affects devices using vulnerable Qualcomm hardware components.

💻 Affected Systems

Products:
  • Qualcomm hardware with affected encoder components
Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipsets
Operating Systems: Android, Linux-based systems using Qualcomm hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires hardware encoder usage; vulnerability in firmware/driver layer

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation

🟠 Likely Case: Application crash or denial of service affecting video/imaging functionality

🟢 If Mitigated: Limited impact with proper memory protection mechanisms and sandboxing

🌐 Internet-Facing: MEDIUM - Requires specific hardware encoder usage patterns but could be triggered remotely
🏢 Internal Only: MEDIUM - Local privilege escalation possible if attacker gains initial access

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of hardware encoder memory management and buffer validation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific firmware/driver versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Restart Required: No

Instructions:

  1. Check device manufacturer for firmware updates
  2. Apply Qualcomm-provided patches
  3. Update device drivers
  4. Verify hardware encoder functionality

🔧 Temporary Workarounds

Disable hardware encoder snapshots (platform: all)

Prevent usage of vulnerable snapshot functionality in hardware encoder

Device-specific configuration required; consult manufacturer documentation

🧯 If You Can't Patch

  • Implement strict application sandboxing to limit impact
  • Monitor for abnormal hardware encoder usage patterns

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset version and firmware against advisory; examine hardware encoder driver versions

Check Version:

Device-specific commands; typically 'cat /proc/cpuinfo' or manufacturer diagnostic tools

Verify Fix Applied:

Verify firmware/driver version matches patched versions in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

  • Hardware encoder crash logs
  • Memory corruption warnings in kernel logs
  • Abnormal snapshot process termination

Network Indicators:

  • Unusual video/imaging data patterns if exploited remotely

SIEM Query:

Search for hardware encoder process crashes or memory violation events in system logs
