CRITICAL🇵🇱 Wersja polska

CVE-2024-45569

CVSS 9.8v3.1pub. 2025-02-03upd. 2025-02-05

Memory corruption while parsing the ML IE due to invalid frame content.

🤖 AI Analysis
How it works

An error classified as CWE-129 (improper validation of array index) occurs during parsing of the ML IE (Multi-Link Information Element) information element. When the processed frame contains invalid content, missing or insufficient array index validation leads to memory corruption. An attacker can craft an appropriately modified frame and send it to a vulnerable device without requiring any privileges.

Impact

Successful exploitation can lead to device takeover, disclosure of confidential data, data modification, or complete system unavailability (violation of confidentiality, integrity, and availability at a high level).

Mitigation & patch

Apply patches available from the manufacturer according to references — Qualcomm security bulletin from February 2025 (https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html). OEM device manufacturers using Qualcomm chipsets should immediately deploy firmware updates provided by Qualcomm.

Who is affected

Firmware of Qualcomm devices: AR8035, CSR8811, FastConnect 6700, and other products listed in the Qualcomm security bulletin from February 2025.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qualcomm Ar8035

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ar8035 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Csr8811

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Csr8811 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6700

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6700 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 214

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 214 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 216

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 216 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 316

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 316 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 318

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 318 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 3210

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 3210 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 326

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 326 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5010

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5010 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5028

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5028 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5300

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5300 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5302

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq5302 Firmware

    OS
    Qualcomm
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-47372CRITICAL9.0PL ✓ten sam produkt

Qualcomm: Memory Corruption przy ładowaniu uszkodzonego obrazu ELF

CVE-2025-27034CRITICAL9.8PL ✓ten sam produkt

Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR

CVE-2025-21483CRITICAL9.8PL ✓ten sam produkt

Memory corruption w Qualcomm podczas składania pakietów RTP (NALUs)

CVE-2025-21450CRITICAL9.1PL ✓ten sam produkt

Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania

CVE-2024-33066CRITICAL9.8PL ✓ten sam produkt

Qualcomm Snapdragon – memory corruption przy przekierowaniu pliku logów