CVE-2024-45555 HIGH

CVE-2024-45555: Integer Overflow to Buffer Overflow in Automotive OS Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Weakness CWE-787

Published January 6, 2025

Last update February 28, 2025

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.

Key dates

02Disclosure timeline

January 6, 2025 CVE published

February 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45555 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2024-45555

CWE CWE-787

CVSS 8.4 / HIGH

Affected versions

Vendor Qualcomm, Inc.

Product Snapdragon

Affected MSM8996AU

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QAM8255P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QAM8295P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QAM8620P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QAM8650P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QAM8775P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QAMSRV1H

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QAMSRV1M

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6564A

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6564AU

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6574A

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6574AU

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6584AU

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6595

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6595AU

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6688AQ

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6696

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6698AQ

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA6145P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA6150P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA6155

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA6155P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA7255P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA7775P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8145P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8150P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8155

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8155P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8195P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8255P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8295P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8540P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8620P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8650P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8770P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8775P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA9000P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon 820 Automotive Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SRV1H

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SRV1L

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SRV1M

CVE-2024-45555: Integer Overflow to Buffer Overflow in Automotive OS Platform

01Description

02Disclosure timeline

03References

04Related CVE