Details of VAR-202501-0453

ID

VAR-202501-0453

CVE

CVE-2024-45555

TITLE

Integer overflow vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2024-016438

DESCRIPTION

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. MSM8996AU firmware, qam8255p firmware, QAM8295P Multiple Qualcomm products, including firmware, contain an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-45555 // JVNDB: JVNDB-2024-016438

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sa7255p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	srv1h	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8775p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qamsrv1m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8295p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8255p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8775p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	srv1m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa9000p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	srv1l	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa7775p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8650p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6688aq	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8650p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8295p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 820 automotive	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8620p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8620p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qamsrv1h	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qam8255p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6698aq	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8770p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8540p	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	qam8620p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6574a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qamsrv1m	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6595au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6564a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6564au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6584au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6595	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qam8775p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6698aq	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6688aq	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qam8650p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6145p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qam8295p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qam8255p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qamsrv1h	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6150p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6696	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-016438 // NVD: CVE-2024-45555

CVSS

SEVERITY

CVSSV2

CVSSV3

product-security@qualcomm.com:	CVE-2024-45555
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-45555
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-45555
value:	HIGH
Trust: 0.8

product-security@qualcomm.com:	CVE-2024-45555
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-45555
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-45555
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-016438 // NVD: CVE-2024-45555 // NVD: CVE-2024-45555

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-190	Trust: 1.0
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-016438 // NVD: CVE-2024-45555

EXTERNAL IDS

db:	NVD	id:	CVE-2024-45555	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-016438	Trust: 0.8

sources: JVNDB: JVNDB-2024-016438 // NVD: CVE-2024-45555

REFERENCES

url:	https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-45555	Trust: 0.8

sources: JVNDB: JVNDB-2024-016438 // NVD: CVE-2024-45555

SOURCES

db:	JVNDB	id:	JVNDB-2024-016438
db:	NVD	id:	CVE-2024-45555

LAST UPDATE DATE

2025-01-16T23:31:45.853000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-016438	date:	2025-01-15T04:48:00
db:	NVD	id:	CVE-2024-45555	date:	2025-01-13T21:51:26.350

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-016438	date:	2025-01-15T00:00:00
db:	NVD	id:	CVE-2024-45555	date:	2025-01-06T11:15:10.383