CVE-2024-45556 - Vulnerability Details - OpenCVE

Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html

History

Mon, 07 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 07 Apr 2025 10:30:00 +0000

Type	Values Removed	Values Added
Description		Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
Title		Improper Access Control for Register Interface in TZ Firmware
Weaknesses		CWE-1262
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2025-04-07T10:15:47.649Z

Updated: 2025-04-07T15:51:55.660Z

Reserved: 2024-09-02T10:26:15.223Z

Link: CVE-2024-45556

Vulnrichment

Updated: 2025-04-07T15:51:51.378Z

NVD

Status : Awaiting Analysis

Published: 2025-04-07T11:15:49.850

Modified: 2025-04-07T14:17:50.220

Link: CVE-2024-45556

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45556", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "state": "PUBLISHED", "assignerShortName": "qualcomm", "dateReserved": "2024-09-02T10:26:15.223Z", "datePublished": "2025-04-07T10:15:47.649Z", "dateUpdated": "2025-04-07T15:51:55.660Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Snapdragon CCW", "Snapdragon Compute", "Snapdragon Wearables", "Snapdragon Wired Infrastructure and Networking"], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "Immersive Home 3210 Platform"}, {"status": "affected", "version": "Immersive Home 326 Platform"}, {"status": "affected", "version": "IPQ5300"}, {"status": "affected", "version": "IPQ5302"}, {"status": "affected", "version": "IPQ5312"}, {"status": "affected", "version": "IPQ5332"}, {"status": "affected", "version": "IPQ9008"}, {"status": "affected", "version": "IPQ9048"}, {"status": "affected", "version": "IPQ9554"}, {"status": "affected", "version": "IPQ9570"}, {"status": "affected", "version": "IPQ9574"}, {"status": "affected", "version": "QCA0000"}, {"status": "affected", "version": "QCA8075"}, {"status": "affected", "version": "QCA8081"}, {"status": "affected", "version": "QCA8082"}, {"status": "affected", "version": "QCA8084"}, {"status": "affected", "version": "QCA8085"}, {"status": "affected", "version": "QCA8386"}, {"status": "affected", "version": "QCF8000"}, {"status": "affected", "version": "QCF8000SFP"}, {"status": "affected", "version": "QCF8001"}, {"status": "affected", "version": "QCN5124"}, {"status": "affected", "version": "QCN6224"}, {"status": "affected", "version": "QCN6402"}, {"status": "affected", "version": "QCN6412"}, {"status": "affected", "version": "QCN6422"}, {"status": "affected", "version": "QCN6432"}, {"status": "affected", "version": "QCN9000"}, {"status": "affected", "version": "QCN9012"}, {"status": "affected", "version": "QCN9013"}, {"status": "affected", "version": "QCN9024"}, {"status": "affected", "version": "QCN9074"}, {"status": "affected", "version": "QCN9160"}, {"status": "affected", "version": "QCN9274"}, {"status": "affected", "version": "QXM8083"}, {"status": "affected", "version": "SD 8 Gen1 5G"}, {"status": "affected", "version": "SDM429W"}, {"status": "affected", "version": "SDX65M"}, {"status": "affected", "version": "Snapdragon 429 Mobile Platform"}, {"status": "affected", "version": "Snapdragon AR1 Gen 1 Platform"}, {"status": "affected", "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""}, {"status": "affected", "version": "Snapdragon AR2 Gen 1 Platform"}, {"status": "affected", "version": "Snapdragon Wear 4100+ Platform"}, {"status": "affected", "version": "Snapdragon X65 5G Modem-RF System"}, {"status": "affected", "version": "SSG2115P"}, {"status": "affected", "version": "SSG2125P"}, {"status": "affected", "version": "SXR1230P"}, {"status": "affected", "version": "SXR2230P"}, {"status": "affected", "version": "SXR2250P"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WCN3620"}, {"status": "affected", "version": "WCN3660B"}, {"status": "affected", "version": "WCN3680B"}, {"status": "affected", "version": "WCN3980"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8832"}, {"status": "affected", "version": "WSA8835"}]}], "descriptions": [{"lang": "en", "value": "Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1262", "description": "CWE-1262: Improper Access Control for Register Interface", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2025-04-07T10:15:47.649Z"}, "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"}], "title": "Improper Access Control for Register Interface in TZ Firmware"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-07T15:51:44.636784Z", "id": "CVE-2024-45556", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T15:51:55.660Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45556", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-07T15:51:44.636784Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T15:51:51.378Z"}}], "cna": {"title": "Improper Access Control for Register Interface in TZ Firmware", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Qualcomm, Inc.", "product": "Snapdragon", "versions": [{"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "Immersive Home 3210 Platform"}, {"status": "affected", "version": "Immersive Home 326 Platform"}, {"status": "affected", "version": "IPQ5300"}, {"status": "affected", "version": "IPQ5302"}, {"status": "affected", "version": "IPQ5312"}, {"status": "affected", "version": "IPQ5332"}, {"status": "affected", "version": "IPQ9008"}, {"status": "affected", "version": "IPQ9048"}, {"status": "affected", "version": "IPQ9554"}, {"status": "affected", "version": "IPQ9570"}, {"status": "affected", "version": "IPQ9574"}, {"status": "affected", "version": "QCA0000"}, {"status": "affected", "version": "QCA8075"}, {"status": "affected", "version": "QCA8081"}, {"status": "affected", "version": "QCA8082"}, {"status": "affected", "version": "QCA8084"}, {"status": "affected", "version": "QCA8085"}, {"status": "affected", "version": "QCA8386"}, {"status": "affected", "version": "QCF8000"}, {"status": "affected", "version": "QCF8000SFP"}, {"status": "affected", "version": "QCF8001"}, {"status": "affected", "version": "QCN5124"}, {"status": "affected", "version": "QCN6224"}, {"status": "affected", "version": "QCN6402"}, {"status": "affected", "version": "QCN6412"}, {"status": "affected", "version": "QCN6422"}, {"status": "affected", "version": "QCN6432"}, {"status": "affected", "version": "QCN9000"}, {"status": "affected", "version": "QCN9012"}, {"status": "affected", "version": "QCN9013"}, {"status": "affected", "version": "QCN9024"}, {"status": "affected", "version": "QCN9074"}, {"status": "affected", "version": "QCN9160"}, {"status": "affected", "version": "QCN9274"}, {"status": "affected", "version": "QXM8083"}, {"status": "affected", "version": "SD 8 Gen1 5G"}, {"status": "affected", "version": "SDM429W"}, {"status": "affected", "version": "SDX65M"}, {"status": "affected", "version": "Snapdragon 429 Mobile Platform"}, {"status": "affected", "version": "Snapdragon AR1 Gen 1 Platform"}, {"status": "affected", "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""}, {"status": "affected", "version": "Snapdragon AR2 Gen 1 Platform"}, {"status": "affected", "version": "Snapdragon Wear 4100+ Platform"}, {"status": "affected", "version": "Snapdragon X65 5G Modem-RF System"}, {"status": "affected", "version": "SSG2115P"}, {"status": "affected", "version": "SSG2125P"}, {"status": "affected", "version": "SXR1230P"}, {"status": "affected", "version": "SXR2230P"}, {"status": "affected", "version": "SXR2250P"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WCN3620"}, {"status": "affected", "version": "WCN3660B"}, {"status": "affected", "version": "WCN3680B"}, {"status": "affected", "version": "WCN3980"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8832"}, {"status": "affected", "version": "WSA8835"}], "platforms": ["Snapdragon CCW", "Snapdragon Compute", "Snapdragon Wearables", "Snapdragon Wired Infrastructure and Networking"], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"}], "descriptions": [{"lang": "en", "value": "Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1262", "description": "CWE-1262: Improper Access Control for Register Interface"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2025-04-07T10:15:47.649Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45556", "state": "PUBLISHED", "dateUpdated": "2025-04-07T15:51:55.660Z", "dateReserved": "2024-09-02T10:26:15.223Z", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "datePublished": "2025-04-07T10:15:47.649Z", "assignerShortName": "qualcomm"}, "dataVersion": "5.1"}