Qualcomm Snapdragon Auto up to XR1 Platform RTCP Packet buffer over-read

Summaryinfo

A vulnerability classified as critical was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. Impacted is an unknown function of the component RTCP Packet Handler. The manipulation results in buffer over-read. This vulnerability is known as CVE-2024-45552. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as critical has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. Affected is an unknown function of the component RTCP Packet Handler. The manipulation with an unknown input leads to a buffer over-read vulnerability. CWE is classifying the issue as CWE-126. The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t adhere to RFC standards.

The advisory is shared for download at docs.qualcomm.com. This vulnerability is traded as CVE-2024-45552 since 09/02/2024. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 10/07/2025).

Upgrading eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Chip Software

Vendor

• Qualcomm

Name

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Consumer IOT
• Snapdragon Industrial IOT
• Snapdragon Mobile
• Snapdragon Wearables

Version

• 208 Processor
• 210 Processor
• APQ8064AU
• FastConnect 6200
• FastConnect 6700
• FastConnect 6800
• FastConnect 6900
• FastConnect 7800
• MSM8108
• MSM8209
• MSM8608
• MSM8909W
• MSM8996AU
• QAM8255P
• QAM8295P
• QAM8620P
• QAM8650P
• QAM8775P
• QAMSRV1H
• QAMSRV1M
• QCA6310
• QCA6320
• QCA6335
• QCA6391
• QCA6426
• QCA6436
• QCA6564
• QCA6564A
• QCA6564AU
• QCA6574
• QCA6574A
• QCA6574AU
• QCA6595
• QCA6595AU
• QCA6696
• QCA6698AQ
• QCA6797AQ
• QCM6125
• QCM6490
• QCS410
• QCS610
• QCS6125
• QCS6490
• SA4150P
• SA4155P
• SA6145P
• SA6150P
• SA6155
• SA6155P
• SA7255P
• SA7775P
• SA8145P
• SA8150P
• SA8155
• SA8155P
• SA8195P
• SA8255P
• SA8295P
• SA8620P
• SA8650P
• SA8770P
• SA8775P
• SA9000P
• SD626
• SD660
• SD835
• SD865 5G
• SDM429W
• SG4150P
• SM4125
• SM6370
• SM8550P
• SRV1H
• SRV1L
• SRV1M
• SW5100
• SW5100P
• SXR1120
• SXR2130
• WCD9326
• WCD9335
• WCD9340
• WCD9341
• WCD9370
• WCD9375
• WCD9380
• WCD9385
• WCD9390
• WCD9395
• WCN3610
• WCN3615
• WCN3620
• WCN3660B
• WCN3680B
• WCN3910
• WCN3950
• WCN3980
• WCN3988
• WCN3990
• WSA8810
• WSA8815
• WSA8830
• WSA8835
• WSA8840
• WSA8845
• WSA8845H
• XR1 Platform

License

• commercial

Website

• Vendor: https://www.qualcomm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion