CVE-2024-45563

6.6 MEDIUM

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm Camera Request Manager (CRM) when handling schedule requests due to an invalid link count in sessions. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm chipsets with vulnerable camera firmware.

💻 Affected Systems

Products:
  • Qualcomm chipsets with Camera Request Manager (CRM) component
Versions: Specific versions not detailed in reference; affected versions prior to May 2025 patches
Operating Systems: Android, Linux-based systems using Qualcomm camera drivers
Default Config Vulnerable: ⚠️ Yes
Notes: Requires camera functionality to be enabled and accessible to malicious actors.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Application crash or denial of service affecting camera functionality, potentially requiring device reboot.

🟢 If Mitigated

Limited impact with proper sandboxing and privilege separation, potentially just camera app crashes.

🌐 Internet-Facing: MEDIUM - Requires camera access, which could be triggered via malicious apps or web content with camera permissions.
🏢 Internal Only: MEDIUM - Local apps with camera permissions could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires camera access permissions and knowledge of memory corruption techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches included in May 2025 Qualcomm security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates.
2. Apply Qualcomm-provided patches through OEM updates.
3. Reboot device after update installation.

🔧 Temporary Workarounds

  • Restrict camera permissions (all): Limit camera access to trusted applications only
  • Disable unnecessary camera features (all): Turn off camera functionality when not in use

🧯 If You Can't Patch

  • Implement strict application sandboxing and privilege separation
  • Monitor for abnormal camera process behavior and crashes

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm security bulletin; examine camera driver versions

Check Version:

adb shell getprop ro.build.fingerprint (for Android devices) or check device firmware settings

Verify Fix Applied:

Verify firmware version has been updated to post-May 2025 patches; test camera functionality

📡 Detection & Monitoring

Log Indicators:

  • Camera service crashes
  • Memory corruption errors in camera-related logs
  • Abnormal camera process termination

Network Indicators:

  • Unusual camera activation patterns
  • Suspicious app requesting camera permissions

SIEM Query:

source="camera" AND (event="crash" OR event="memory_error")
