CVE-2024-53013

Q: What is the severity of CVE-2024-53013?

CVE-2024-53013 has a CVSS score of 6.6 (MEDIUM). This CVE describes a buffer overflow vulnerability in Qualcomm's voice call registration processing that could allow memory corruption. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This primarily affects mobile devices and telecommunications equipment using vulnerable Qualcomm chipsets.

6.6 MEDIUM

Buffer Overflow

📋 TL;DR

This CVE describes a buffer overflow vulnerability in Qualcomm's voice call registration processing that could allow memory corruption. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This primarily affects mobile devices and telecommunications equipment using vulnerable Qualcomm chipsets.

💻 Affected Systems

Products:

Qualcomm chipsets with voice call functionality

Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipset models

Operating Systems: Android and other mobile OS using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm modems/chipsets that process voice call registration. Exact models would be in Qualcomm's detailed advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation

🟠

Likely Case

Denial of service causing voice call failures, device crashes, or temporary service disruption

🟢

If Mitigated

Limited impact with proper network segmentation and security controls, potentially just service disruption

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malformed voice call registration data to vulnerable devices

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific chipset firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models
2. Obtain updated firmware from device manufacturer
3. Apply firmware update following manufacturer instructions
4. Reboot device to complete installation

🔧 Temporary Workarounds

Network segmentation

all

Isolate vulnerable devices from untrusted networks

Disable vulnerable services

all

If possible, disable voice call functionality on non-essential devices

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor for abnormal voice call registration attempts and device crashes

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's advisory

Check Version:

Device-specific commands vary by manufacturer; typically in Settings > About Phone > Baseband version

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in advisory

📡 Detection & Monitoring

Log Indicators:

Unexpected device reboots
Voice call service failures
Memory-related crash logs

Network Indicators:

Abnormal voice call registration patterns
Malformed SIP or telephony protocol packets

SIEM Query:

Search for device crash events or voice service failures on devices with Qualcomm chipsets

📊 Metadata

CVE ID: CVE-2024-53013

CVSS v3 Score: 6.6 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

CWE: CWE-120

EPSS Score: 0.02% exploit probability (5.1th percentile)

Published: June 3, 2025

Last Updated: August 20, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

C V2x 9150 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8530p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Snapdragon 429 Mobile Platform Firmware by Qualcomm

Snapdragon 820 Automotive Platform Firmware by Qualcomm

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

Snapdragon 865\+ 5g Mobile Platform \(sm8250 Ab\) Firmware by Qualcomm

Snapdragon 870 5g Mobile Platform \(sm8250 Ac\) Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

Snapdragon Xr2 5g Platform Firmware by Qualcomm

Sxr2130 Firmware by Qualcomm

Video Collaboration Vc1 Platform Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcn3620 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm