CVE-2024-45584

Q: What is the severity of CVE-2024-45584?

CVE-2024-45584 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption when userspace makes a compat IOCTL call followed by a normal IOCTL call, potentially leading to privilege escalation or denial of service. It affects Qualcomm-based devices and systems using vulnerable Qualcomm components. Attackers could exploit this to gain elevated privileges or crash systems.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption when userspace makes a compat IOCTL call followed by a normal IOCTL call, potentially leading to privilege escalation or denial of service. It affects Qualcomm-based devices and systems using vulnerable Qualcomm components. Attackers could exploit this to gain elevated privileges or crash systems.

💻 Affected Systems

Products:

Qualcomm chipsets and components

Versions: Specific versions not detailed in reference; affected versions listed in Qualcomm February 2025 bulletin

Operating Systems: Linux-based systems using Qualcomm drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Qualcomm hardware/drivers; exact configurations depend on specific chipset implementations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level code execution, allowing attackers to bypass security controls, install persistent malware, or access sensitive data.

🟠

Likely Case

Local privilege escalation allowing unprivileged users to gain root/admin access, or denial of service causing system instability or crashes.

🟢

If Mitigated

Limited impact with proper access controls and isolation, potentially only affecting specific services or containers.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit for privilege escalation; risk increases in multi-user environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to make specific IOCTL calls; exploitation depends on memory layout and timing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available per Qualcomm February 2025 security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Restart Required: No

Instructions:

1. Check Qualcomm advisory for specific patches for your chipset. 2. Apply vendor-provided patches or firmware updates. 3. Update affected drivers/kernel modules. 4. Verify patch application through version checks.

🔧 Temporary Workarounds

Restrict IOCTL access

all

Limit userspace access to vulnerable IOCTL interfaces through SELinux/apparmor policies or capability restrictions

setcap -r /path/to/vulnerable_binary
chmod 750 /dev/vulnerable_device

🧯 If You Can't Patch

Implement strict access controls to limit which users can execute vulnerable IOCTL calls
Isolate affected systems in network segments and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset/driver versions against affected versions in February 2025 bulletin; examine kernel logs for IOCTL-related warnings

Check Version:

uname -r && modinfo qualcomm_driver_module | grep version

Verify Fix Applied:

Verify patch application through driver/kernel version checks; test IOCTL functionality remains operational without crashes

📡 Detection & Monitoring

Log Indicators:

Kernel logs showing memory corruption warnings
IOCTL-related errors or crashes in system logs
Unexpected privilege escalation attempts

Network Indicators:

None - local exploitation only

SIEM Query:

source="kernel" AND ("corruption" OR "IOCTL" OR "segfault") AND process="vulnerable_driver"

📊 Metadata

CVE ID: CVE-2024-45584

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-822

EPSS Score: 0.04% exploit probability (9.7th percentile)

Published: February 3, 2025

Last Updated: February 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sm4635 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 460 Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 662 Mobile Firmware by Qualcomm

Snapdragon 680 4g Mobile Firmware by Qualcomm