CVE-2024-45556
CVE-2024-45556 is a medium-severity vulnerability in Qualcomm Fastconnect 6900 Firmware with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1262.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- EPSS exploit prediction: 0% (1st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-54377
- Weakness: CWE-1262
- Affected product: Qualcomm Fastconnect 6900 Firmware
- Published:
- Last modified:
Description
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
Frequently asked questions
- What is CVE-2024-45556?
- Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
- How severe is CVE-2024-45556?
- CVE-2024-45556 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2024-45556 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (1st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2024-45556?
- CVE-2024-45556 primarily affects Qualcomm Fastconnect 6900 Firmware. In total, 60 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2024-45556?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-45556 have an EU (EUVD) identifier?
- Yes. CVE-2024-45556 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-54377.
- When was CVE-2024-45556 published?
- CVE-2024-45556 was published on 2025-04-07 and last updated on 2026-06-17.
References
Affected products (60)
- cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:immersive_home_3210_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:immersive_home_326_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq5300_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq5302_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq5312_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq5332_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq9008_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq9048_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq9554_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq9570_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq9574_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca0000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8082_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8084_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8085_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8386_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcf8000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcf8000sfp_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcf8001_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn5124_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn6224_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn6402_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn6412_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn6422_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn6432_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9013_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9160_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn9274_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qxm8083_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdx65m_firmware:-:*:*:*:*:*:*:*
More vulnerabilities in Qualcomm Fastconnect 6900 Firmware
- CVE-2025-27034 — Critical (CVSS 9.8): Memory corruption while selecting the PLMN from SOR failed list.
- CVE-2025-21483 — Critical (CVSS 9.8): Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
- CVE-2024-45569 — Critical (CVSS 9.8): Memory corruption while parsing the ML IE due to invalid frame content.
- CVE-2024-21473 — Critical (CVSS 9.8): Memory corruption while redirecting log file to any file location with any file name.
- CVE-2023-43553 — Critical (CVSS 9.8): Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
- CVE-2023-43552 — Critical (CVSS 9.8): Memory corruption while processing MBSSID beacon containing several subelement IE.
All CVEs affecting Qualcomm Fastconnect 6900 Firmware →
Other CWE-1262 vulnerabilities
- CVE-2023-20599 — High (CVSS 7.9): Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s…
- CVE-2025-47385 — High (CVSS 7.8): Memory Corruption when accessing trusted execution environment without proper privilege check.
- CVE-2024-6354 — High (CVSS 7.2): Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows…
- CVE-2025-20788 — Medium (CVSS 4.4): In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial…
- CVE-2025-54509 — Medium (CVSS 4.0): Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a…
- CVE-2025-36194 — Low (CVSS 2.8): IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may…