First published: Mon Jan 06 2025(Updated: )
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Qualcomm FastConnect 6900 Firmware | ||
Qualcomm Fastconnect 6900 Firmware | ||
All of | ||
Qualcomm FastConnect 7800 Firmware | ||
Qualcomm Fastconnect 7800 Firmware | ||
All of | ||
Qualcomm QCC2073 Firmware | ||
Qualcomm QCC2073 Firmware | ||
All of | ||
Qualcomm Qcc2076 Firmware | ||
Qualcomm Qcc2076 Firmware | ||
All of | ||
Qualcomm SC8380XP Firmware | ||
Qualcomm SC8380XP Firmware | ||
All of | ||
Qualcomm WCD9380 | ||
Qualcomm WCD9380 Firmware | ||
All of | ||
Qualcomm WCD9385 | ||
Qualcomm WCD9385 Firmware | ||
All of | ||
Qualcomm WSA8840 Firmware | ||
Qualcomm WSA8840 Firmware | ||
All of | ||
Qualcomm WSA8845H | ||
Qualcomm WSA8845 Firmware | ||
All of | ||
Qualcomm WSA8845 Firmware | ||
Qualcomm WSA8845H Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-45546 has a high severity due to memory corruption vulnerabilities in FIPS encryption or decryption IOCTL calls.
To mitigate CVE-2024-45546, update your Qualcomm Fastconnect firmware to the latest version provided by the manufacturer.
CVE-2024-45546 affects several Qualcomm firmware products, including Fastconnect 6900, Fastconnect 7800, and Qcc2073.
CVE-2024-45546 is classified as a memory corruption vulnerability that can be exploited through user-space IOCTL calls.
Not all Qualcomm devices are vulnerable; only specific firmware versions, such as those for Fastconnect and Qcc series, are impacted.