#VU107088 Improper Access Control for Register Interface in Qualcomm products - CVE-2024-45556

Vulnerability identifier: #VU107088

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-45556

CWE-ID: CWE-1262

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FastConnect 6900
FastConnect 7800
Immersive Home 3210 Platform
Immersive Home 326 Platform
IPQ5300
IPQ5302
IPQ5312
IPQ5332
IPQ9008
IPQ9048
IPQ9554
IPQ9570
IPQ9574
QCA0000
QCA8075
QCA8081
QCA8082
QCA8084
QCA8085
QCA8386
QCF8000
QCF8000SFP
QCF8001
QCN5124
QCN6224
QCN6402
QCN6412
QCN6422
QCN6432
QCN9000
QCN9012
QCN9013
QCN9024
QCN9074
QCN9160
QCN9274
QXM8083
SD 8 Gen1 5G
SDX65M
Snapdragon 429 Mobile Platform
Snapdragon AR1 Gen 1 Platform
Snapdragon AR1 Gen 1 Platform "Luna1"
Snapdragon AR2 Gen 1 Platform
Snapdragon Wear 4100+ Platform
Snapdragon X65 5G Modem-RF System
SSG2115P
SSG2125P
SXR1230P
SXR2230P
SXR2250P
WCD9380
WCD9385
WCN3620
WCN3660B
WCN3680B
WCN3980
WSA8830
WSA8835
SDM429W
WSA8832

Software vendor:
Qualcomm

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation in TZ Firmware. A local application can gain access to sensitive information.

Install security update from vendor's website.

• https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html