Skip to main content

Sm7250p Firmware EUVDEUVD-2024-54632

| CVE-2024-53021 HIGH
Buffer Over-read (CWE-126)
2025-06-03 product-security@qualcomm.com
Sm7250p Firmware Vision Intelligence 300 Platform Firmware Qcn9274 Firmware Qcm8550 Firmware Qcs6125 Firmware Sd855 Firmware Snapdragon Xr1 Platform Firmware Qcs610 Firmware Sd660 Firmware Sxr1120 Firmware Sdx55 Firmware Snapdragon 720g Mobile Platform Firmware Snapdragon 855 Mobile Platform Firmware 215 Mobile Platform Firmware Qca6320 Firmware Qca6426 Firmware Snapdragon 845 Mobile Platform Firmware Qcm2150 Firmware Wcn3610 Firmware Snapdragon X50 5g Modem Rf System Firmware Snapdragon 835 Mobile Pc Platform Firmware Qca6310 Firmware Snapdragon 632 Mobile Platform Firmware Snapdragon 780g 5g Mobile Platform Firmware Snapdragon 425 Mobile Platform Firmware Qcm4290 Firmware Sd730 Firmware Sd888 Firmware Sm6370 Firmware Snapdragon 630 Mobile Platform Firmware Wcn3680 Firmware Snapdragon 212 Mobile Platform Firmware Snapdragon 750g 5g Mobile Platform Firmware Sd835 Firmware Sm4125 Firmware Qcs8300 Firmware Qca6431 Firmware Sm7315 Firmware Sxr2130 Firmware Apq8017 Firmware Snapdragon 675 Mobile Platform Firmware Sd670 Firmware Robotics Rb3 Platform Firmware Snapdragon 636 Mobile Platform Firmware Snapdragon 439 Mobile Platform Firmware Snapdragon 210 Processor Firmware Talynplus Firmware Qca6335 Firmware Sd626 Firmware 205 Mobile Platform Firmware Snapdragon 670 Mobile Platform Firmware Qca6436 Firmware Qca6421 Firmware Snapdragon 710 Mobile Platform Firmware Sa8775p Firmware Sm7635 Firmware Wcn3910 Firmware Qcs5430 Firmware Qam8650p Firmware Wsa8815 Firmware Qam8775p Firmware Qcs6490 Firmware Sa8650p Firmware Wcn7750 Firmware Wcn6740 Firmware Qcs615 Firmware Sm8735 Firmware Qcs9100 Firmware Sm4635 Firmware Sd 8 Gen1 5g Firmware Qcs410 Firmware Sm6650 Firmware Sg4150p Firmware Sm8750 Firmware Qcm4325 Firmware Information Disclosure Snapdragon 8 Gen 2 Mobile Platform Firmware Wcn3615 Firmware Sd865 5g Firmware Wcd9326 Firmware Snapdragon X55 5g Modem Rf System Firmware Snapdragon 460 Mobile Platform Firmware Sa8295p Firmware Wcn3620 Firmware Snapdragon 8 Gen 3 Mobile Platform Firmware Video Collaboration Vc1 Platform Firmware Snapdragon 662 Mobile Platform Firmware Snapdragon Xr2 5g Platform Firmware Snapdragon 429 Mobile Platform Firmware Snapdragon 480 5g Mobile Platform Firmware Snapdragon 690 5g Mobile Platform Firmware Sm7325p Firmware Snapdragon 4 Gen 2 Mobile Platform Firmware Wcn3660b Firmware Sdm429w Firmware Vision Intelligence 400 Platform Firmware Snapdragon 888 5g Mobile Platform Firmware Snapdragon 8 Gen 1 Mobile Platform Firmware Snapdragon 680 4g Mobile Platform Firmware Wcn3680b Firmware Sa6155 Firmware Snapdragon 865 5g Mobile Platform Firmware Snapdragon 778g 5g Mobile Platform Firmware Sa8155 Firmware Snapdragon 660 Mobile Platform Firmware Snapdragon 695 5g Mobile Platform Firmware Video Collaboration Vc3 Platform Firmware Snapdragon 4 Gen 1 Mobile Platform Firmware Snapdragon 625 Mobile Platform Firmware Sm6250 Firmware Wcn6450 Firmware Qcs4290 Firmware Wcd9378 Firmware Sa6145p Firmware Snapdragon 626 Mobile Platform Firmware Wcd9390 Firmware Sa6150p Firmware Sm8635p Firmware Srv1l Firmware Sa8155p Firmware Qca6391 Firmware Wcn7860 Firmware Sw5100p Firmware Qca6595au Firmware Wcn6755 Firmware Qca6698aq Firmware Sa6155p Firmware Qam8295p Firmware Qcm2290 Firmware Qca6696 Firmware Wcn7881 Firmware Wsa8810 Firmware Sm8750p Firmware Wsa8830 Firmware Wcn3988 Firmware Qcm5430 Firmware Qam8620p Firmware Qca6574 Firmware Qcn9011 Firmware Qcn9012 Firmware Wcn3980 Firmware Sa8145p Firmware Qca6797aq Firmware Sm7675p Firmware Sa8195p Firmware Sm8635 Firmware Wcn7861 Firmware Wsa8845h Firmware Qca6595 Firmware Qam8255p Firmware Qcm6125 Firmware Wcd9370 Firmware Wcd9335 Firmware Aqt1000 Firmware Fastconnect 7800 Firmware Fastconnect 6900 Firmware Sa8620p Firmware Wsa8845 Firmware Sm8650q Firmware Sa4150p Firmware Fastconnect 6800 Firmware Qca6574au Firmware Wsa8835 Firmware Qca6678aq Firmware Wcd9375 Firmware Sa8770p Firmware Sm6650p Firmware Wsa8840 Firmware Wcd9340 Firmware Wcn3950 Firmware Wcd9385 Firmware Wcd9395 Firmware Sm8550p Firmware Sm7675 Firmware Sa8150p Firmware Srv1h Firmware Qca6688aq Firmware Wcn3990 Firmware Sa7775p Firmware Sw5100 Firmware Sa9000p Firmware Qamsrv1h Firmware Wcd9341 Firmware Qcs2290 Firmware Fastconnect 6200 Firmware Qcs4490 Firmware Wcn6650 Firmware Qcm4490 Firmware Srv1m Firmware Wcn7880 Firmware Fastconnect 6700 Firmware Sa7255p Firmware Sa4155p Firmware Qamsrv1m Firmware Sa8255p Firmware Qmp1000 Firmware Qcm6490 Firmware Qcs8550 Firmware Wsa8832 Firmware Wcd9380 Firmware Qca6420 Firmware Qca6574a Firmware Qca6430 Firmware
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2024-54632
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
CVE Published
Jun 03, 2025 - 06:15 nvd
HIGH 8.2

DescriptionCVE.org

Information disclosure may occur while processing goodbye RTCP packet from network.

AnalysisAI

CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processing that allows unauthenticated remote attackers to leak sensitive data through malicious goodbye (BYE) RTCP packets. The vulnerability affects multiple VoIP and real-time communication products processing RTCP traffic; attackers can extract confidential information across the network without authentication or user interaction, and may also cause limited availability impact. The high CVSS score of 8.2 reflects the severe confidentiality impact and network-based attack vector, though exploitation complexity is low.

Technical ContextAI

RTCP (Real-time Transport Control Protocol, RFC 3550) is a companion protocol to RTP used for control and feedback in multimedia streaming applications. The vulnerability exists in RTCP BYE (goodbye) packet processing logic, a fundamental control message that indicates a participant is leaving an RTP session. CWE-126 (Buffer Over-read) indicates the root cause involves reading beyond intended buffer boundaries during RTCP packet parsing, likely when handling malformed BYE packet payloads or option fields. This buffer over-read can expose adjacent memory containing session keys, authentication tokens, codec parameters, or other sensitive RTP/RTCP session data. The vulnerability chain involves: (1) receipt of network RTCP BYE packet, (2) insufficient bounds checking during deserialization, (3) out-of-bounds memory access leaking heap or stack data. Affected products typically include VoIP endpoints (SIP phones, softphones), media servers, RTC libraries, and unified communications platforms that implement RTCP per RFC 3550.

RemediationAI

Specific patch information was not provided in the input. Remediation steps follow standard vulnerability response: (1) Consult vendor security advisories linked to CVE-2024-53021 for affected product versions and patched releases, (2) Apply security patches immediately to production systems, prioritizing media servers and SIP endpoints, (3) If patches unavailable, implement network-level RTCP filtering/monitoring to detect malformed BYE packets using DPI (deep packet inspection) rules that validate RTCP packet structure per RFC 3550, (4) Disable RTCP BYE processing if operationally feasible, falling back to session timeout mechanisms, (5) Isolate RTP sessions to trusted networks with firewall rules restricting RTCP traffic to known peer ranges, (6) Monitor for exploit attempts: log RTCP parsing errors, malformed packet drops, and memory access violations. Escalate to vendor support for specific patch timelines and zero-day guidance if production instances cannot be patched immediately.

CVE-2024-53026 HIGH
8.2 Jun 03

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL

CVE-2024-53020 HIGH
8.2 Jun 03

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o

CVE-2025-21467 HIGH
7.8 May 06

Memory corruption while reading the FW response from the shared queue. Rated high severity (CVSS 7.8), this vulnerabilit

CVE-2025-21453 HIGH
7.8 May 06

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential f

CVE-2024-49845 HIGH
7.8 May 06

Memory corruption during the FRS UDS generation process. Rated high severity (CVSS 7.8), this vulnerability is low attac

CVE-2024-49844 HIGH
7.8 May 06

Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this v

CVE-2024-49841 HIGH
7.8 May 06

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high se

CVE-2024-49835 HIGH
7.8 May 06

Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity

CVE-2024-49842 HIGH
7.8 May 06

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Rated high se

CVE-2024-53014 HIGH
7.8 Mar 03

Memory corruption may occur while validating ports and channels in Audio driver. Rated high severity (CVSS 7.8), this vu

CVE-2025-21424 HIGH
7.8 Mar 03

Memory corruption while calling the NPU driver APIs concurrently. Rated high severity (CVSS 7.8), this vulnerability is

CVE-2024-53010 HIGH
7.8 Jun 03

Memory corruption vulnerability in Qualcomm's Virtual Machine (VM) attachment mechanism that occurs when the Host Linux

Share

EUVD-2024-54632 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy