Memory Corruption Vulnerability in Qualcomm IFS2 Products
CVE-2024-45555

8.4HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 6 January 2025

What is CVE-2024-45555?

A memory corruption vulnerability in Qualcomm's IFS2 products can occur when a verified IFS2 image is overwritten without appropriate security checks. This allows an attacker to bypass the boot verification process, enabling the injection of unauthorized programs into sensitive system images. As a result, it creates the potential for malicious actors to boot a compromised IFS2 system image, posing significant risks to system integrity and security.

Affected Version(s)

Snapdragon Snapdragon Auto MSM8996AU

Snapdragon Snapdragon Auto QAM8255P

Snapdragon Snapdragon Auto QAM8295P

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2025
Vulnerability Reserved
Sep 2, 2024