CVE-2024-45555 (GCVE-0-2024-45555)

Vulnerability from cvelistv5 – Published: 2025-01-06 10:33 – Updated: 2025-02-28 06:09
VLAI?
Title
Integer Overflow to Buffer Overflow in Automotive OS Platform
Summary
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.
Severity ?
8.4 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: MSM8996AU
Affected: QAM8255P
Affected: QAM8295P
Affected: QAM8620P
Affected: QAM8650P
Affected: QAM8775P
Affected: QAMSRV1H
Affected: QAMSRV1M
Affected: QCA6564A
Affected: QCA6564AU
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6584AU
Affected: QCA6595
Affected: QCA6595AU
Affected: QCA6688AQ
Affected: QCA6696
Affected: QCA6698AQ
Affected: SA6145P
Affected: SA6150P
Affected: SA6155
Affected: SA6155P
Affected: SA7255P
Affected: SA7775P
Affected: SA8145P
Affected: SA8150P
Affected: SA8155
Affected: SA8155P
Affected: SA8195P
Affected: SA8255P
Affected: SA8295P
Affected: SA8540P
Affected: SA8620P
Affected: SA8650P
Affected: SA8770P
Affected: SA8775P
Affected: SA9000P
Affected: Snapdragon 820 Automotive Platform
Affected: SRV1H
Affected: SRV1L
Affected: SRV1M
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45555",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T14:07:31.315472Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T14:18:34.450Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MSM8996AU"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8295P"
            },
            {
              "status": "affected",
              "version": "QAM8620P"
            },
            {
              "status": "affected",
              "version": "QAM8650P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QAMSRV1H"
            },
            {
              "status": "affected",
              "version": "QAMSRV1M"
            },
            {
              "status": "affected",
              "version": "QCA6564A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6688AQ"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "SA6145P"
            },
            {
              "status": "affected",
              "version": "SA6150P"
            },
            {
              "status": "affected",
              "version": "SA6155"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA7255P"
            },
            {
              "status": "affected",
              "version": "SA7775P"
            },
            {
              "status": "affected",
              "version": "SA8145P"
            },
            {
              "status": "affected",
              "version": "SA8150P"
            },
            {
              "status": "affected",
              "version": "SA8155"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8195P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8295P"
            },
            {
              "status": "affected",
              "version": "SA8540P"
            },
            {
              "status": "affected",
              "version": "SA8620P"
            },
            {
              "status": "affected",
              "version": "SA8650P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "Snapdragon 820 Automotive Platform"
            },
            {
              "status": "affected",
              "version": "SRV1H"
            },
            {
              "status": "affected",
              "version": "SRV1L"
            },
            {
              "status": "affected",
              "version": "SRV1M"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-28T06:09:05.191Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html"
        }
      ],
      "title": "Integer Overflow to Buffer Overflow in Automotive OS Platform"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2024-45555",
    "datePublished": "2025-01-06T10:33:30.879Z",
    "dateReserved": "2024-09-02T10:26:15.223Z",
    "dateUpdated": "2025-02-28T06:09:05.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-45555",
      "date": "2026-05-07",
      "epss": "0.00018",
      "percentile": "0.04644"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45555\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2025-01-06T11:15:10.383\",\"lastModified\":\"2025-01-13T21:51:26.350\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.\"},{\"lang\":\"es\",\"value\":\"Se puede producir una corrupci\u00f3n de la memoria si se sobrescribe una imagen IFS2 ya verificada, lo que evita la verificaci\u00f3n de arranque. Esto permite que se inyecten programas no autorizados en im\u00e1genes sensibles a la seguridad, lo que permite el arranque de una imagen del sistema IFS2 alterada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CA1E7B0-782B-4757-B118-802943798984\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95CB08EC-AE12-4A54-AA3C-998F01FC8763\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3723C7B1-A7E2-401F-8D6D-189350F6BCA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B12B89EF-7B12-481E-BCBC-F12B9D16321A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D9E281-B382-41AC-84CB-5B1063E5AC51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44EBEBD5-98C3-493B-A108-FD4DE6FFBE97\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qam8620p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBAC2260-52E3-49DE-97EA-F80DBD837FD3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qam8620p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17599B8D-5753-4408-B4CD-AAA65C826922\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"295E75BD-2A6C-4A76-A376-A9977DDB17FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qam8650p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD37AA1A-B911-45BF-9BCC-C772FA83E657\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qam8775p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49B2DF91-BE6B-4E9E-B63C-98DADD29AD6B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qam8775p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58170126-928F-4AE5-B5AF-5ED4710F9BA2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8673334-5E11-4E95-B33D-3029499F71DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC0B32F6-5EF0-4591-99D7-D0E9B09DEC5A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qamsrv1m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE03AB2A-3ED9-4489-8E5B-4FCF8BAA8559\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qamsrv1m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E646738-6A87-4470-9640-6A5A1DF3AF78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"886124F6-B397-4EB6-8E01-6012E468ABE9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6564a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93ED74CE-6BF2-4983-8780-07D5336745B3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B59672A0-2FA6-46CC-B75A-C599B842AFB9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6564au:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3847F4A5-90A5-4C84-B43F-0DDD81BD79CE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"828CFB37-76A6-4927-9D00-AF9A1C432DD6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11405993-5903-4716-B452-370281034B42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D527E2B1-2A46-4FBA-9F7A-F5543677C8FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8374DDB3-D484-4141-AE0C-42333D2721F6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3DDA896-576C-44B8-85B6-F71F473F776B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A87BDA-5B24-4212-BAB3-D2BBB2F4162E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"643EC76D-2836-48E6-81DA-78C4883C33CA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477F6529-4CE1-44FC-B6EE-D24D44C71AE7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"288F637F-22F8-47CF-B67F-C798A730A1BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0996EA3-1C92-4933-BE34-9CF625E59FE7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6688aq_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFBD264F-F24A-4CDD-B316-9514A61B91E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6688aq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94CC5BC4-011D-4D2B-8891-97FBF61FD783\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AE207DB-9770-40ED-961D-FDA75965826F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E23922D-C37F-476F-A623-4C1458A9156F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA1F8F4-EAF2-4704-A8A6-19AD3CA1B577\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F7853D-09EE-476F-B48D-BB30AEB4A67D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C66671C1-AE1A-44BE-9DB2-0B09FF4417DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74AA3929-3F80-4D54-B13A-9B070D5C03BB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"054F77D6-FC66-4151-9005-DC7ECDB5C722\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ED3F589-16D9-46A7-A539-C9862473EE0D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C40544E-B040-491C-8DF3-50225E70B50C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2DAC85C-CDC9-4784-A69A-147A2CE8A8B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0514D433-162C-4680-8912-721D19BE6201\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa7255p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B651F0A-34DA-400F-A376-B499BFDF8E86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa7255p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CFF093D-98C8-470F-8330-E5126E06343A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa7775p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C32CA38-5D48-4108-9858-FD66E20CAF2F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa7775p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1997F8B-17B8-4DE3-BCF7-726928720592\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71D74B0-0963-49FD-8E97-148C8993B263\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910CBFA4-50F7-4C7A-B9B9-B88C8A919827\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69C1B02F-8D2D-42E7-B70D-41F4D9844FD1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FEACAA9-C061-4713-9A54-37D8BFC0B00B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F33EB594-B0D3-42F2-B1CA-B0E6C9D82C6B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50EF47E5-2875-412F-815D-44804BB3A739\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8648B38-2597-401A-8F53-D582FA911569\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A01CD59B-8F21-4CD6-8A1A-7B37547A8715\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51BC0A66-493B-43BE-B51F-640BDF2FF32E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC6E268D-C4AF-4950-9223-39EA36D538A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"073C1A81-D02B-4F2F-9378-CD1B2DCE0E5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A19659B-A0C3-44B7-8D54-BA21729873A4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F978041A-CE28-4BDF-A7DB-F0360F1A5F14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FE8B62D-83B4-4326-8A53-FED5947D5FFE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D6F8899-136A-4A57-9F02-BD428E1663DA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8620p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ACE6D64-A498-482F-8270-718F4884CFFD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8620p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6E016D6-1B83-4261-A27E-1F9873F81E14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8650p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E807AA-5646-48AD-9A5C-B0B13E222AA9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8650p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45FBB72B-B850-4E3F-ACBB-9392157FF131\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"781CCC31-C08F-499B-BE73-6C7DB70437AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75AFAA21-0589-4C6A-9418-34EE8A61BBAD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa8775p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C79595B-1259-4431-96F9-C5A24E624305\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa8775p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F2F3431-9CD7-4D4F-833D-DD4D3ACF94C7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A024AB04-B213-4018-A4C1-FA467C7BA775\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A8AB7C-5D34-4794-8C06-2193075B323F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_820_automotive_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73954A37-654B-4EE2-B14F-A70A992CA807\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_820_automotive:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC6A42E7-0D95-4697-9088-41E92600C16A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD199F5-DA68-4BEB-AA99-11572DA26B4F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ACA2D4D-FC77-4C1A-8278-1C27B3EA3303\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:srv1l_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B88B3A43-24DD-44EB-AEF1-B7ECAB97C0FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:srv1l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07602885-8BEA-4820-A8F5-41E909718FBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:srv1m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4B29E7F-8BFE-466A-B357-63F8A2160C4E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:srv1m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D55CC7D-2E65-4CA9-9892-B6FBCC087E6F\"}]}]}],\"references\":[{\"url\":\"https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45555\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-06T14:07:31.315472Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-06T14:10:45.538Z\"}}], \"cna\": {\"title\": \"Integer Overflow to Buffer Overflow in Automotive OS Platform\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Qualcomm, Inc.\", \"product\": \"Snapdragon\", \"versions\": [{\"status\": \"affected\", \"version\": \"MSM8996AU\"}, {\"status\": \"affected\", \"version\": \"QAM8255P\"}, {\"status\": \"affected\", \"version\": \"QAM8295P\"}, {\"status\": \"affected\", \"version\": \"QAM8620P\"}, {\"status\": \"affected\", \"version\": \"QAM8650P\"}, {\"status\": \"affected\", \"version\": \"QAM8775P\"}, {\"status\": \"affected\", \"version\": \"QAMSRV1H\"}, {\"status\": \"affected\", \"version\": \"QAMSRV1M\"}, {\"status\": \"affected\", \"version\": \"QCA6564A\"}, {\"status\": \"affected\", \"version\": \"QCA6564AU\"}, {\"status\": \"affected\", \"version\": \"QCA6574A\"}, {\"status\": \"affected\", \"version\": \"QCA6574AU\"}, {\"status\": \"affected\", \"version\": \"QCA6584AU\"}, {\"status\": \"affected\", \"version\": \"QCA6595\"}, {\"status\": \"affected\", \"version\": \"QCA6595AU\"}, {\"status\": \"affected\", \"version\": \"QCA6688AQ\"}, {\"status\": \"affected\", \"version\": \"QCA6696\"}, {\"status\": \"affected\", \"version\": \"QCA6698AQ\"}, {\"status\": \"affected\", \"version\": \"SA6145P\"}, {\"status\": \"affected\", \"version\": \"SA6150P\"}, {\"status\": \"affected\", \"version\": \"SA6155\"}, {\"status\": \"affected\", \"version\": \"SA6155P\"}, {\"status\": \"affected\", \"version\": \"SA7255P\"}, {\"status\": \"affected\", \"version\": \"SA7775P\"}, {\"status\": \"affected\", \"version\": \"SA8145P\"}, {\"status\": \"affected\", \"version\": \"SA8150P\"}, {\"status\": \"affected\", \"version\": \"SA8155\"}, {\"status\": \"affected\", \"version\": \"SA8155P\"}, {\"status\": \"affected\", \"version\": \"SA8195P\"}, {\"status\": \"affected\", \"version\": \"SA8255P\"}, {\"status\": \"affected\", \"version\": \"SA8295P\"}, {\"status\": \"affected\", \"version\": \"SA8540P\"}, {\"status\": \"affected\", \"version\": \"SA8620P\"}, {\"status\": \"affected\", \"version\": \"SA8650P\"}, {\"status\": \"affected\", \"version\": \"SA8770P\"}, {\"status\": \"affected\", \"version\": \"SA8775P\"}, {\"status\": \"affected\", \"version\": \"SA9000P\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 820 Automotive Platform\"}, {\"status\": \"affected\", \"version\": \"SRV1H\"}, {\"status\": \"affected\", \"version\": \"SRV1L\"}, {\"status\": \"affected\", \"version\": \"SRV1M\"}], \"platforms\": [\"Snapdragon Auto\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"shortName\": \"qualcomm\", \"dateUpdated\": \"2025-02-28T06:09:05.191Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45555\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-28T06:09:05.191Z\", \"dateReserved\": \"2024-09-02T10:26:15.223Z\", \"assignerOrgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"datePublished\": \"2025-01-06T10:33:30.879Z\", \"assignerShortName\": \"qualcomm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.