Skip to main content

Sdm429w Firmware CVE-2024-45574

HIGH
Improper Validation of Array Index (CWE-129)
2025-05-06 product-security@qualcomm.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:40 vuln.today
Patch released
Mar 28, 2026 - 18:40 nvd
Patch available
CVE Published
May 06, 2025 - 09:15 nvd
HIGH 7.8

DescriptionCVE.org

Memory corruption during array access in Camera kernel due to invalid index from invalid command data.

AnalysisAI

Memory corruption during array access in Camera kernel due to invalid index from invalid command data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-129. Memory corruption during array access in Camera kernel due to invalid index from invalid command data. Affected products include: Qualcomm Sdm429W Firmware, Qualcomm Snapdragon 429 Mobile Firmware, Qualcomm Wcn3620 Firmware, Qualcomm Wcn3660B Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-21385 HIGH POC
7.8 Mar 02

A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo

CVE-2024-45552 HIGH
8.2 Apr 07

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t

CVE-2024-53026 HIGH
8.2 Jun 03

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL

CVE-2024-53021 HIGH
8.2 Jun 03

CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi

CVE-2024-53020 HIGH
8.2 Jun 03

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o

CVE-2024-53019 HIGH
8.2 Jun 03

Network-based information disclosure vulnerability in RTP (Real-time Transport Protocol) packet decoding that occurs whe

CVE-2025-21427 HIGH
8.2 Jul 08

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

CVE-2024-49844 HIGH
7.8 May 06

Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this v

CVE-2024-45579 HIGH
7.8 May 06

Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request informa

CVE-2024-45578 HIGH
7.8 May 06

Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. Rated high severity (CVSS 7.

CVE-2024-45577 HIGH
7.8 May 06

Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. Rated h

CVE-2024-45576 HIGH
7.8 May 06

Memory corruption while prociesing command buffer buffer in OPE module. Rated high severity (CVSS 7.8), this vulnerabili

Share

CVE-2024-45574 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy