CVE-2024-45555: Integer Overflow to Buffer Overflow in Automotive OS Platform
First published: Mon Jan 06 2025(Updated: )
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| qualcomm MSM8996AU firmware | ||
| Qualcomm MSM8996AU Firmware | ||
| All of | ||
| Qualcomm QAM8255P | ||
| Qualcomm QAM8255P Firmware | ||
| All of | ||
| Qualcomm QAM8295P | ||
| Qualcomm QAM8295P | ||
| All of | ||
| Qualcomm QAM8620P | ||
| Qualcomm QAM8620P Firmware | ||
| All of | ||
| Qualcomm QAM8650P Firmware | ||
| Qualcomm QAM8650P Firmware | ||
| All of | ||
| Qualcomm QAM8775P | ||
| Qualcomm QAM8775P Firmware | ||
| All of | ||
| Qualcomm SRV1H Firmware | ||
| Qualcomm QAMSRV1H Firmware | ||
| All of | ||
| Qualcomm QAMSRV1M Firmware | ||
| Qualcomm QAMSRV1M Firmware | ||
| All of | ||
| Qualcomm QCA6564A | ||
| Qualcomm QCA6564A Firmware | ||
| All of | ||
| Qualcomm QCA6564AU Firmware | ||
| Qualcomm QCA6564A | ||
| All of | ||
| Qualcomm QCA6574A Firmware | ||
| qualcomm qca6574a firmware | ||
| All of | ||
| Qualcomm QCA6574 Firmware | ||
| Qualcomm QCA6574AU | ||
| All of | ||
| Qualcomm QCA6584AU Firmware | ||
| Qualcomm QCA6584AU firmware | ||
| All of | ||
| Qualcomm QCA6595AU Firmware | ||
| Qualcomm QCA6595AU Firmware | ||
| All of | ||
| Qualcomm QCA6595AU Firmware | ||
| Qualcomm QCA6595AU Firmware | ||
| All of | ||
| qualcomm qca6688aq firmware | ||
| Qualcomm QCA6688AQ | ||
| All of | ||
| Qualcomm QCA6696 Firmware | ||
| Qualcomm QCA6696 Firmware | ||
| All of | ||
| Qualcomm QCA6698AQ | ||
| Qualcomm QCA6698AQ Firmware | ||
| All of | ||
| Qualcomm SA6145P Firmware | ||
| Qualcomm SA6145P Firmware | ||
| All of | ||
| Qualcomm SA6150P Firmware | ||
| Qualcomm SA6150P Firmware | ||
| All of | ||
| Qualcomm SA6155 | ||
| Qualcomm SA6155 Firmware | ||
| All of | ||
| Qualcomm SA6155 | ||
| Qualcomm SA6155P | ||
| All of | ||
| Qualcomm SA7255P | ||
| qualcomm sa7255p firmware | ||
| All of | ||
| Qualcomm SA7775P Firmware | ||
| Qualcomm SA7775P Firmware | ||
| All of | ||
| Qualcomm SA8145P | ||
| Qualcomm SA8145P Firmware | ||
| All of | ||
| Qualcomm SA8150P Firmware | ||
| Qualcomm SA8150P Firmware | ||
| All of | ||
| Qualcomm SA8155P Firmware | ||
| Qualcomm SA8155 Firmware | ||
| All of | ||
| Qualcomm SA8155 | ||
| Qualcomm SA8155P Firmware | ||
| All of | ||
| Qualcomm SA8195P | ||
| Qualcomm SA8195P Firmware | ||
| All of | ||
| Qualcomm SA8255P Firmware | ||
| Qualcomm SA8255P Firmware | ||
| All of | ||
| Qualcomm SA8295P Firmware | ||
| Qualcomm SA8295P Firmware | ||
| All of | ||
| Qualcomm SA8540P | ||
| Qualcomm SA8540P Firmware | ||
| All of | ||
| Qualcomm SA8620P | ||
| Qualcomm SA8620P | ||
| All of | ||
| Qualcomm SA8650P | ||
| Qualcomm SA8650P | ||
| All of | ||
| Qualcomm SA8770P Firmware | ||
| qualcomm sa8770p firmware | ||
| All of | ||
| Qualcomm SA8775P | ||
| Qualcomm SA8775P | ||
| All of | ||
| Qualcomm SA9000P Firmware | ||
| Qualcomm SA9000P Firmware | ||
| All of | ||
| Qualcomm Snapdragon 820 Automotive Platform Firmware | ||
| Qualcomm Snapdragon 820 Automotive Platform Firmware | ||
| All of | ||
| Qualcomm SRV1H | ||
| Qualcomm SRV1H Firmware | ||
| All of | ||
| Qualcomm SRV1L Firmware | ||
| Qualcomm SRV1L Firmware | ||
| All of | ||
| Qualcomm SRV1M | ||
| Qualcomm SRV1M Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-45555?
CVE-2024-45555 has been classified as a high-severity vulnerability due to the potential for unauthorized program injection.
How does CVE-2024-45555 affect system security?
CVE-2024-45555 allows attackers to bypass boot verification, enabling them to boot tampered IFS2 system images.
What systems are affected by CVE-2024-45555?
CVE-2024-45555 affects various Qualcomm firmware versions including MSM8996AU, QAM8255P, QAM8295P, and several others.
How do I fix CVE-2024-45555?
Addressing CVE-2024-45555 requires updating the affected Qualcomm firmware to the latest security release that addresses this vulnerability.
Can CVE-2024-45555 lead to data breaches?
Yes, CVE-2024-45555 could potentially lead to data breaches by allowing the execution of unauthorized code on vulnerable devices.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/weakness
- agent/severity
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/qualcomm
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm qam8255p
- canonical/qualcomm qam8255p firmware
- canonical/qualcomm qam8295p
- canonical/qualcomm qam8620p
- canonical/qualcomm qam8620p firmware
- canonical/qualcomm qam8650p firmware
- canonical/qualcomm qam8775p
- canonical/qualcomm qam8775p firmware
- canonical/qualcomm srv1h firmware
- canonical/qualcomm qamsrv1h firmware
- canonical/qualcomm qamsrv1m firmware
- canonical/qualcomm qca6564a
- canonical/qualcomm qca6564a firmware
- canonical/qualcomm qca6564au firmware
- canonical/qualcomm qca6574a firmware
- canonical/qualcomm qca6574 firmware
- canonical/qualcomm qca6574au
- canonical/qualcomm qca6584au firmware
- canonical/qualcomm qca6595au firmware
- canonical/qualcomm qca6688aq firmware
- canonical/qualcomm qca6688aq
- canonical/qualcomm qca6696 firmware
- canonical/qualcomm qca6698aq
- canonical/qualcomm qca6698aq firmware
- canonical/qualcomm sa6145p firmware
- canonical/qualcomm sa6150p firmware
- canonical/qualcomm sa6155
- canonical/qualcomm sa6155 firmware
- canonical/qualcomm sa6155p
- canonical/qualcomm sa7255p
- canonical/qualcomm sa7255p firmware
- canonical/qualcomm sa7775p firmware
- canonical/qualcomm sa8145p
- canonical/qualcomm sa8145p firmware
- canonical/qualcomm sa8150p firmware
- canonical/qualcomm sa8155p firmware
- canonical/qualcomm sa8155 firmware
- canonical/qualcomm sa8155
- canonical/qualcomm sa8195p
- canonical/qualcomm sa8195p firmware
- canonical/qualcomm sa8255p firmware
- canonical/qualcomm sa8295p firmware
- canonical/qualcomm sa8540p
- canonical/qualcomm sa8540p firmware
- canonical/qualcomm sa8620p
- canonical/qualcomm sa8650p
- canonical/qualcomm sa8770p firmware
- canonical/qualcomm sa8775p
- canonical/qualcomm sa9000p firmware
- canonical/qualcomm snapdragon 820 automotive platform firmware
- canonical/qualcomm srv1h
- canonical/qualcomm srv1l firmware
- canonical/qualcomm srv1m
- canonical/qualcomm srv1m firmware