CVE-2024-45574

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption in the camera kernel driver of Qualcomm devices: an array index taken from invalid command data is not properly validated before it is used. Attackers could potentially execute arbitrary code with kernel privileges. It affects devices using vulnerable Qualcomm camera hardware/drivers.

💻 Affected Systems

Products:
  • Qualcomm camera hardware/drivers
Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipsets.
Operating Systems: Android, Linux-based systems using Qualcomm camera components
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Qualcomm camera hardware; exact models depend on chipset versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise with kernel-level code execution, allowing complete control over the device, data theft, and persistence.

🟠 Likely Case

Local privilege escalation from a compromised app to kernel privileges, enabling further system compromise.

🟢 If Mitigated

Limited impact if SELinux/AppArmor is properly configured and camera access is restricted to trusted apps only.

🌐 Internet-Facing: LOW - Requires local access or app compromise to exploit.
🏢 Internal Only: MEDIUM - Malicious apps or compromised users could exploit this locally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to send malformed commands to camera kernel driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific chipset patches.

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset.
2. Obtain firmware update from device manufacturer.
3. Apply update via standard OTA or manual flash.
4. Reboot device.

🔧 Temporary Workarounds

Restrict camera permissions (android)

Limit camera access to trusted apps only via Android permissions or SELinux policies.

Disable unnecessary camera features (all)

Turn off camera services if not required in device settings.

🧯 If You Can't Patch

  • Implement strict app vetting to prevent malicious camera access.
  • Use network segmentation to isolate vulnerable devices from critical systems.

🔍 How to Verify

Check if Vulnerable:

Check device chipset against Qualcomm advisory; examine kernel version for camera driver updates.

Check Version:

On Android: 'getprop ro.build.fingerprint' or check Settings > About phone

Verify Fix Applied:

Verify firmware version includes May 2025 or later security patches from manufacturer.
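
One way to script the "Verify Fix Applied" step, as an added example that is not from Qualcomm or the original page: it compares an Android security patch level string against a minimum and rejects malformed values instead of guessing. The `2025-05-01` threshold and the function names are assumptions; a matching patch level alone does not prove the manufacturer shipped the camera driver fix, so confirm against the OEM's release notes.

```shell
#!/bin/sh
# Added example: compare an Android security patch level (SPL) with a minimum.
# REQUIRED_SPL is an assumption (start of the May 2025 patch month); override
# it if the device manufacturer documents a different level for this fix.
REQUIRED_SPL="${REQUIRED_SPL:-2025-05-01}"

# is_valid_spl STRING -> returns 0 only for a plausible YYYY-MM-DD value.
is_valid_spl() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    month=${1#*-}; month=${month%-*}; month=${month#0}   # MM without leading zero
    day=${1##*-}; day=${day#0}                           # DD without leading zero
    [ "$month" -ge 1 ] && [ "$month" -le 12 ] && [ "$day" -ge 1 ] && [ "$day" -le 31 ]
}

# check_spl STRING -> prints PATCHED, OUTDATED or UNKNOWN; returns 0, 1 or 2.
check_spl() {
    spl=$(printf '%s' "$1" | tr -d '\r')   # adb output may end in a carriage return
    if ! is_valid_spl "$spl"; then
        echo "UNKNOWN"
        return 2
    fi
    # Zero-padded ISO dates compare correctly as integers once hyphens are removed.
    if [ "$(printf '%s' "$spl" | tr -d '-')" -ge "$(printf '%s' "$REQUIRED_SPL" | tr -d '-')" ]; then
        echo "PATCHED"
        return 0
    fi
    echo "OUTDATED"
    return 1
}

# Only query a device when asked, so the functions can be sourced offline.
# The vendor property matters here because the camera driver is a vendor component.
if [ "${1:-}" = "--device" ]; then
    for prop in ro.build.version.security_patch ro.vendor.build.security_patch; do
        printf '%s: ' "$prop"
        check_spl "$(adb shell getprop "$prop")" || true
    done
fi
```

Run it with `--device` and a single handset attached over adb; an `UNKNOWN` result means the property was empty or malformed and the device needs manual review.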

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs related to camera driver
  • SELinux denials for camera access attempts

Network Indicators:

  • Unusual camera activation patterns from apps

SIEM Query:

source="kernel" AND "camera" AND ("panic" OR "oops")
