Login Sign Up

CVE-2024-45566

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in Qualcomm components where concurrent buffer access leads to memory corruption when reference counts are improperly modified. Attackers could potentially execute arbitrary code or cause denial of service. This affects devices using vulnerable Qualcomm chipsets.

💻 Affected Systems

Products:
  • Qualcomm chipsets and associated firmware
Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipset models
Operating Systems: Android and other OS using Qualcomm components
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with specific Qualcomm chipsets; exact models would be in the vendor advisory.

📦 What is this software?

Fastconnect 6800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6800 Firmware →

Fastconnect 6900 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6900 Firmware →

Fastconnect 7800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 7800 Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6426 Firmware by Qualcomm

View all CVEs affecting Qca6426 Firmware →

Qca6436 Firmware by Qualcomm

View all CVEs affecting Qca6436 Firmware →

Sd865 5g Firmware by Qualcomm

View all CVEs affecting Sd865 5g Firmware →

Sdm429w Firmware by Qualcomm

View all CVEs affecting Sdm429w Firmware →

Snapdragon 429 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 429 Mobile Firmware →

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Firmware →

Snapdragon 865 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 865 5g Mobile Firmware →

Snapdragon 865 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 865 5g Mobile Firmware →

Snapdragon 870 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 870 5g Mobile Firmware →

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

View all CVEs affecting Snapdragon X55 5g Modem Rf System Firmware →

Snapdragon Xr2 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon Xr2 5g Firmware →

Sxr2130 Firmware by Qualcomm

View all CVEs affecting Sxr2130 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcn3620 Firmware by Qualcomm

View all CVEs affecting Wcn3620 Firmware →

Wcn3660b Firmware by Qualcomm

View all CVEs affecting Wcn3660b Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application or system crash causing denial of service, potentially leading to device instability.

🟢

If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires race condition exploitation which adds complexity but is feasible with sufficient access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific chipset firmware updates

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Obtain firmware updates from device manufacturer. 3. Apply updates following manufacturer instructions. 4. Reboot device.

🔧 Temporary Workarounds

Memory protection hardening

all

Enable ASLR and other memory protection features to reduce exploit reliability

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Implement strict access controls and monitoring for suspicious memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory

Check Version:

Device-specific commands vary; typically 'getprop' on Android or manufacturer diagnostic tools

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes
  • Memory access violation logs
  • Kernel panic events

Network Indicators:

  • Unusual outbound connections from system processes

SIEM Query:

Process: (crash OR segfault) AND DeviceModel: (Qualcomm_chipset_models)

📊 Metadata

CVE ID: CVE-2024-45566
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
EPSS Score: 0.03% exploit probability (6.5th percentile)
Published: May 6, 2025
Last Updated: May 9, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45566, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)