CVE-2024-45581

6.6 MEDIUM

📋 TL;DR

This vulnerability allows memory corruption during sound model registration for voice activation in Qualcomm audio kernel drivers. Attackers could potentially execute arbitrary code with kernel privileges on affected devices. This affects Android devices and other products using Qualcomm chipsets with vulnerable audio drivers.

💻 Affected Systems

Products:
  • Android devices with Qualcomm chipsets
  • Other embedded systems using Qualcomm audio drivers
Versions: Specific versions not detailed in reference; likely multiple Qualcomm chipset generations
Operating Systems: Android, Linux-based embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Requires voice activation/audio features enabled; exact chipset models not specified in provided reference

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise with kernel-level code execution, allowing complete control over the device, data theft, and persistence.

🟠 Likely Case

Local privilege escalation from user to kernel space, potentially leading to app sandbox escape and further system compromise.

🟢 If Mitigated

Limited impact due to SELinux/AppArmor policies and exploit mitigations, possibly resulting in denial of service only.

🌐 Internet-Facing: LOW - Requires local access or malicious app installation; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Malicious apps or compromised user accounts could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious app; kernel driver vulnerabilities typically require specific timing/conditions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to May 2025 Qualcomm security bulletin for specific chipset patches

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for your chipset model
2. Obtain firmware update from device manufacturer
3. Apply update through standard OTA or flashing process
4. Reboot device

🔧 Temporary Workarounds

Disable voice activation features

android

Turn off voice wake-up/activation features to prevent triggering vulnerable code path

Settings > Security > Voice Match > Turn off "Hey Google"
Settings > Apps > Google > Permissions > Microphone > Deny

Restrict audio driver permissions

linux

Use SELinux/AppArmor to restrict audio kernel driver capabilities

setenforce 1
Configure appropriate SELinux policies for audio domains

🧯 If You Can't Patch

  • Implement strict app vetting and installation controls to prevent malicious apps
  • Use mobile device management (MDM) to enforce security policies and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check device chipset and firmware version against Qualcomm security bulletin; examine /proc/version or build properties

Check Version:

adb shell getprop ro.build.fingerprint
cat /proc/version

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Audio service crashes
  • SELinux/AppArmor denials for audio domains

Network Indicators:

  • Unusual outbound connections from system processes post-exploit

SIEM Query:

process_name:"audio" AND (event_type:"crash" OR severity:"critical")
