CVE-2024-53017
CVE-2024-53017 is a medium-severity vulnerability in Qualcomm Sdm429w Firmware with a CVSS 3.x base score of 6.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-823.
Key facts
- Severity: Medium (CVSS 3.x base score 6.6)
- EPSS exploit prediction: 0% (1st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-54636
- Weakness: CWE-823
- Affected product: Qualcomm Sdm429w Firmware
- Published:
- Last modified:
Description
Memory corruption while handling test pattern generator IOCTL command.
Frequently asked questions
- What is CVE-2024-53017?
- Memory corruption while handling test pattern generator IOCTL command.
- How severe is CVE-2024-53017?
- CVE-2024-53017 has a CVSS 3.x base score of 6.6, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity high, and availability low.
- Is CVE-2024-53017 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (1st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2024-53017?
- CVE-2024-53017 primarily affects Qualcomm Sdm429w Firmware. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2024-53017?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-53017 have an EU (EUVD) identifier?
- Yes. CVE-2024-53017 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-54636.
- When was CVE-2024-53017 published?
- CVE-2024-53017 was published on 2025-06-03 and last updated on 2026-06-17.
References
Affected products (4)
- cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*
More vulnerabilities in Qualcomm Sdm429w Firmware
- CVE-2025-21483 — Critical (CVSS 9.8): Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
- CVE-2022-40510 — Critical (CVSS 9.8): Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
- CVE-2022-22088 — Critical (CVSS 9.8): Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
- CVE-2022-25720 — Critical (CVSS 9.8): Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon…
- CVE-2021-35104 — Critical (CVSS 9.8): Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto,…
- CVE-2021-30341 — Critical (CVSS 9.8): Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon…
All CVEs affecting Qualcomm Sdm429w Firmware →
Other CWE-823 vulnerabilities
- CVE-2023-43553 — Critical (CVSS 9.8): Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
- CVE-2026-46244 — Critical (CVSS 9.1): In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff…
- CVE-2025-27059 — High (CVSS 8.8): Memory corruption while performing SCM call.
- CVE-2022-0729 — High (CVSS 8.8): Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
- CVE-2017-20211 — High (CVSS 8.6): UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the…
- CVE-2023-20187 — High (CVSS 8.6): A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000…