CVE-2024-53021

Q: What is the severity of CVE-2024-53021?

CVE-2024-53021 has a CVSS score of 8.2 (HIGH). This vulnerability allows information disclosure when processing RTCP goodbye packets in Qualcomm products. Attackers can exploit this to leak sensitive data from affected systems. Primarily impacts devices using Qualcomm chipsets with vulnerable RTCP implementations.

8.2 HIGH

📋 TL;DR

This vulnerability allows information disclosure when processing RTCP goodbye packets in Qualcomm products. Attackers can exploit this to leak sensitive data from affected systems. Primarily impacts devices using Qualcomm chipsets with vulnerable RTCP implementations.

💻 Affected Systems

Products:

Qualcomm chipsets with RTCP implementations

Versions: Specific versions not detailed in reference; consult Qualcomm advisory for exact affected versions.

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems processing RTCP packets, typically in VoIP, video conferencing, or streaming applications using Qualcomm hardware.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of sensitive data including authentication credentials, session keys, or proprietary information from memory leaks.

🟠

Likely Case

Partial information disclosure revealing system state, configuration details, or partial memory contents.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring detecting anomalous RTCP traffic.

🌐 Internet-Facing: MEDIUM - Requires RTCP traffic exposure to untrusted networks, which is common in VoIP/media applications.

🏢 Internal Only: LOW - Internal network exploitation requires attacker foothold and specific RTCP traffic patterns.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted RTCP goodbye packets to vulnerable systems. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm June 2025 security bulletin for specific patched versions.

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset versions. 2. Obtain firmware/software updates from device manufacturer. 3. Apply patches following vendor instructions. 4. Reboot affected devices.

🔧 Temporary Workarounds

Network filtering

linux

Block or filter RTCP traffic at network boundaries

iptables -A INPUT -p udp --dport 5005 -j DROP
iptables -A INPUT -p udp --dport 5006 -j DROP

Disable vulnerable services

all

Disable RTCP processing in affected applications if not required

🧯 If You Can't Patch

Segment affected systems from untrusted networks
Implement strict network monitoring for anomalous RTCP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware/chipset version against Qualcomm advisory. Monitor for unexpected RTCP goodbye packet processing.

Check Version:

adb shell getprop ro.bootloader (for Android devices) or check device firmware settings

Verify Fix Applied:

Verify updated firmware version matches patched versions in Qualcomm bulletin. Test RTCP packet handling.

📡 Detection & Monitoring

Log Indicators:

Unexpected RTCP goodbye packet processing
Memory access violations in RTCP handling

Network Indicators:

Anomalous RTCP traffic patterns
UDP traffic on RTCP ports (typically 5005-5006) from untrusted sources

SIEM Query:

udp.dstport IN (5005, 5006) AND udp.length > [threshold] | stats count by src_ip

📊 Metadata

CVE ID: CVE-2024-53021

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

EPSS Score: 0.06% exploit probability (17th percentile)

Published: June 3, 2025

Last Updated: November 28, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

205 Mobile Platform Firmware by Qualcomm

215 Mobile Platform Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qcm2150 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs615 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8300 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qcs9100 Firmware by Qualcomm

Qmp1000 Firmware by Qualcomm

Robotics Rb3 Platform Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm