CVE-2024-45582

Q: What is the severity of CVE-2024-45582?

CVE-2024-45582 has a CVSS score of 7.8 (HIGH). This CVE describes a memory corruption vulnerability in the Camera kernel driver when validating the number of devices. Successful exploitation could allow attackers to execute arbitrary code or cause denial of service. This affects devices using Qualcomm chipsets with vulnerable camera drivers.

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in the Camera kernel driver when validating the number of devices. Successful exploitation could allow attackers to execute arbitrary code or cause denial of service. This affects devices using Qualcomm chipsets with vulnerable camera drivers.

💻 Affected Systems

Products:

Qualcomm chipsets with vulnerable camera drivers

Versions: Specific versions not detailed in reference; affected versions would be those prior to the February 2025 security bulletin patch

Operating Systems: Android and other mobile/embedded OS using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in the camera kernel driver; devices must have camera hardware and use the affected Qualcomm driver.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain kernel-level access from a lower-privileged context, potentially leading to data access or system instability.

🟢

If Mitigated

Denial of service through kernel panic or system crash if memory corruption cannot be leveraged for code execution.

🌐 Internet-Facing: LOW - This appears to be a local kernel driver vulnerability requiring local access to the device.

🏢 Internal Only: HIGH - If an attacker gains local access to a vulnerable device, they could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory layout; CWE-129 (improper validation of array index) suggests buffer overflow potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches included in February 2025 Qualcomm security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates. 2. Apply February 2025 or later Qualcomm security patches. 3. Reboot device after patch installation.

🔧 Temporary Workarounds

Disable camera access

android

Restrict camera permissions to prevent potential trigger of vulnerable code path

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized local access to devices
Monitor for unusual camera driver activity or kernel crashes

🔍 How to Verify

Check if Vulnerable:

Check device security patch level - if before February 2025, likely vulnerable. Check Qualcomm chipset version against advisory.

Check Version:

On Android: Settings > About phone > Android security patch level

Verify Fix Applied:

Verify security patch level includes February 2025 or later Qualcomm updates. Check camera functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Camera driver crash reports
Unexpected privilege escalation attempts

Network Indicators:

Not network exploitable - focus on local system monitoring

SIEM Query:

Search for kernel panic events or camera service crashes in system logs

📊 Metadata

CVE ID: CVE-2024-45582

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

EPSS Score: 0.04% exploit probability (9.7th percentile)

Published: February 3, 2025

Last Updated: February 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9378 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn6450 Firmware by Qualcomm

Wcn6650 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wcn7861 Firmware by Qualcomm

Wcn7881 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm