Skip to main content

Sdm429w Firmware CVE-2024-45565

HIGH
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2025-05-06 product-security@qualcomm.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:40 vuln.today
Patch released
Mar 28, 2026 - 18:40 nvd
Patch available
CVE Published
May 06, 2025 - 09:15 nvd
HIGH 7.8

DescriptionCVE.org

Memory corruption when blob structure is modified by user-space after kernel verification.

AnalysisAI

Memory corruption when blob structure is modified by user-space after kernel verification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-367. Memory corruption when blob structure is modified by user-space after kernel verification. Affected products include: Qualcomm Sdm429W Firmware, Qualcomm Snapdragon 429 Mobile Firmware, Qualcomm Wcn3620 Firmware, Qualcomm Wcn3660B Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-21385 HIGH POC
7.8 Mar 02

A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo

CVE-2024-45552 HIGH
8.2 Apr 07

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t

CVE-2024-53026 HIGH
8.2 Jun 03

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL

CVE-2024-53021 HIGH
8.2 Jun 03

CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi

CVE-2024-53020 HIGH
8.2 Jun 03

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o

CVE-2024-53019 HIGH
8.2 Jun 03

Network-based information disclosure vulnerability in RTP (Real-time Transport Protocol) packet decoding that occurs whe

CVE-2025-21427 HIGH
8.2 Jul 08

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

CVE-2024-49844 HIGH
7.8 May 06

Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this v

CVE-2024-45579 HIGH
7.8 May 06

Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request informa

CVE-2024-45578 HIGH
7.8 May 06

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. Rated high severity (CVSS 7.

CVE-2024-45577 HIGH
7.8 May 06

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. Rated h

CVE-2024-45576 HIGH
7.8 May 06

Memory corruption while prociesing command buffer buffer in OPE module. Rated high severity (CVSS 7.8), this vulnerabili

Share

CVE-2024-45565 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy