
CVE-2024-53021: Qualcomm APQ8017 Information Disclosure

CVE-2024-53021 is an information disclosure vulnerability in Qualcomm APQ8017 firmware occurring during RTCP packet processing. This article covers the technical details, affected firmware versions, and mitigation strategies.


CVE-2024-53021 Overview

CVE-2024-53021 is an information disclosure vulnerability affecting a wide range of Qualcomm chipsets and firmware. The flaw resides in the handling of Real-time Transport Control Protocol (RTCP) BYE (goodbye) packets received from the network. Improper validation during packet parsing can cause the affected code to read beyond an intended buffer boundary, leading to disclosure of adjacent memory contents [CWE-126: Buffer Over-read]. The vulnerability is network-reachable and requires neither authentication nor user interaction, making it remotely exploitable by any party able to deliver crafted RTCP traffic to a media session on the target device.

Critical Impact

A remote, unauthenticated attacker capable of sending malformed RTCP goodbye packets to a vulnerable device may disclose sensitive memory contents and partially degrade media service availability.

Affected Products

  • Qualcomm Snapdragon mobile platforms (including Snapdragon 8 Gen 1/2/3, 8+ Gen 1/2, 888/888+, 870, 865/865+, 855/855+, and earlier 4-series, 6-series, 7-series, and 8-series SoCs)
  • Qualcomm FastConnect, QCA, WCN, WCD, and WSA connectivity and audio subsystems (FastConnect 6200/6700/6800/6900/7800, QCA6xxx series, WCN3xxx/6xxx/7xxx, WCD93xx, WSA88xx)
  • Qualcomm automotive, IoT, compute, XR, and wearable platforms (SA8xxx/QAM8xxx/QCS/QCM series, Snapdragon XR1/XR2, Snapdragon W5+ Gen 1, Snapdragon 7c+ Gen 3 Compute, Robotics RB3, Video Collaboration VC1/VC3, Vision Intelligence 100/200/300/400)

Discovery Timeline

  • 2025-06-03 - CVE-2024-53021 published to the National Vulnerability Database (NVD)
  • June 2025 - Qualcomm publishes the Qualcomm June 2025 Security Bulletin addressing the issue
  • 2025-11-28 - Last updated in NVD database

Technical Details for CVE-2024-53021

Vulnerability Analysis

The vulnerability is classified under CWE-126 (Buffer Over-read) and is triggered while the Qualcomm media stack processes an RTCP BYE (goodbye) packet received from the network. RTCP is the control companion to RTP and is used to convey participant statistics and session termination messages. The BYE packet type signals that a source is leaving the session and may include a variable-length reason string preceded by a length octet. When the parser fails to validate that the declared length does not exceed the actual bytes remaining in the packet, it reads memory beyond the legitimate buffer.

Because RTCP packets are typically processed by privileged media or DSP firmware components on Qualcomm SoCs, the data returned from the over-read can include heap residue, session state, or other sensitive in-memory artifacts. The high confidentiality impact reflects this exposure, while the low availability impact reflects potential session disruption when malformed packets cause parsing errors.

Root Cause

The root cause is missing or insufficient bounds validation on length fields within the RTCP BYE packet header. The parser trusts attacker-controlled length values and computes a read offset that extends past the end of the receive buffer. This is a classic input validation failure on a network-supplied protocol field.

Attack Vector

Exploitation requires only network access to a device running an active RTP/RTCP session, such as a VoIP, VoLTE, VoWiFi, video conferencing, or WebRTC call. An attacker who can inject or spoof packets into the media stream sends a crafted RTCP compound packet containing a BYE chunk with an oversized reason length. Repeated exploitation could be used to scan memory regions over time, leaking secrets that aid in further compromise.

// Vulnerability described in prose - no verified public proof-of-concept available.
// See Qualcomm June 2025 Security Bulletin for vendor-confirmed technical details.

Detection Methods for CVE-2024-53021

Indicators of Compromise

  • Inbound RTCP packets containing BYE (packet type 203) records where the declared source-count or reason-length field exceeds the remaining UDP payload length.
  • Repeated malformed RTCP traffic targeting active media endpoints from unexpected source addresses outside of legitimate SIP/IMS signaling peers.
  • Unexpected termination, restart, or watchdog events in the media or modem subsystem on affected Qualcomm devices.

Detection Strategies

  • Inspect RTCP traffic with network monitoring tools or session border controllers that validate RTCP header lengths and packet structure against RFC 3550.
  • Correlate device crash dumps and modem logs from mobile device management (MDM) telemetry with anomalous inbound media traffic patterns.
  • Apply intrusion detection signatures that match RTCP BYE packets whose internal length fields exceed the encapsulating UDP datagram size.
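
The length checks described under Root Cause and in the detection signatures above, as an added example (not vendor code and not part of the original page): a Python validator that walks an RTCP compound packet per RFC 3550 and flags BYE records whose declared sizes exceed the bytes actually present. The function name and the sample packets are constructed for illustration.

```python
import struct

RTCP_BYE = 203  # BYE packet type, RFC 3550 section 6.6

def check_rtcp_bye(payload):
    """Walk one UDP payload as an RTCP compound packet and return a list
    of structural violations (empty list means every length was consistent)."""
    findings, off = [], 0
    while off < len(payload):
        remain = len(payload) - off
        if remain < 4:
            findings.append(f"offset {off}: truncated RTCP header")
            break
        b0, pt, words = struct.unpack_from("!BBH", payload, off)
        if b0 >> 6 != 2:
            findings.append(f"offset {off}: bad RTCP version {b0 >> 6}")
            break
        size = 4 * (words + 1)  # header length field counts 32-bit words minus one
        if size > remain:
            findings.append(f"offset {off}: PT {pt} declares {size} bytes, {remain} remain")
            break
        if pt == RTCP_BYE:
            # Trailing padding is not stripped here, which only makes the
            # checks below more lenient, never a false positive.
            body = payload[off + 4:off + size]
            sc = b0 & 0x1F  # source count: number of 4-byte SSRC/CSRC entries
            if 4 * sc > len(body):
                findings.append(f"offset {off}: BYE source count {sc} needs "
                                f"{4 * sc} bytes, {len(body)} present")
            else:
                rest = body[4 * sc:]  # optional reason: length octet + text
                if rest and rest[0] > len(rest) - 1:
                    findings.append(f"offset {off}: BYE reason length {rest[0]} "
                                    f"exceeds {len(rest) - 1} remaining bytes")
        off += size
    return findings

# Constructed sample packets (not captured traffic).
RR = struct.pack("!BBHI", 0x80, 201, 1, 0xAABBCCDD)                  # empty receiver report
GOOD = struct.pack("!BBHI", 0x81, 203, 2, 0x11223344) + b"\x03bye"   # well-formed BYE
BAD_REASON = struct.pack("!BBHI", 0x81, 203, 2, 0x11223344) + b"\xc8bye"
BAD_COUNT = struct.pack("!BBHI", 0x9F, 203, 1, 0x11223344)           # SC=31, one SSRC present
BAD_LEN = struct.pack("!BBHI", 0x81, 203, 100, 0x11223344)           # header length past datagram

if __name__ == "__main__":
    for name, pkt in [("good", RR + GOOD), ("reason", RR + BAD_REASON),
                      ("count", BAD_COUNT), ("length", BAD_LEN)]:
        print(name, check_rtcp_bye(pkt))
```

The same three comparisons (packet length against the datagram, source count against the packet body, reason length against what follows the SSRC list) are what a bounds-checked parser must perform before reading each field.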

Monitoring Recommendations

  • Monitor egress and ingress traffic on UDP ports allocated dynamically to RTP/RTCP sessions for malformed or out-of-session packets.
  • Track firmware patch level reporting from managed mobile, IoT, and automotive endpoints to identify devices still running pre-June 2025 Qualcomm firmware.
  • Alert on repeated RTCP parser errors logged by media subsystems on managed endpoints.

How to Mitigate CVE-2024-53021

Immediate Actions Required

  • Apply the Qualcomm firmware updates referenced in the Qualcomm June 2025 Security Bulletin as soon as the OEM distributes them for affected devices.
  • Inventory all mobile, automotive, IoT, XR, and compute devices built on the affected Qualcomm platforms and prioritize patching for those that participate in voice or video sessions over untrusted networks.
  • Restrict exposure of RTP/RTCP endpoints to trusted peers via session border controllers, SBC ACLs, or firewall rules.

Patch Information

Qualcomm addressed CVE-2024-53021 in the June 2025 security bulletin. Patches must be integrated into device firmware by OEMs and delivered to end users through carrier or vendor update channels. Refer to the Qualcomm June 2025 Security Bulletin for the complete list of affected components and fix references.

Workarounds

  • Limit acceptance of RTP/RTCP traffic to authenticated signaling peers using SIP/IMS authentication and TLS-protected signaling.
  • Where feasible, enable SRTP/SRTCP with cryptographic authentication so that malformed packets from off-path attackers are rejected before reaching the vulnerable parser.
  • Place vulnerable devices behind network elements (SBCs, enterprise firewalls) configured to validate RTCP packet structure and drop malformed BYE records.
```bash
# Example: drop inbound RTCP traffic from untrusted networks on a Linux gateway
# Adjust port ranges to match the RTP/RTCP allocation used by your VoIP/IMS deployment
# Rules are evaluated in order, so the ACCEPT for the trusted range (10.0.0.0/8 here) must precede the DROP
iptables -A FORWARD -p udp --dport 16384:32767 -s 10.0.0.0/8 -j ACCEPT
iptables -A FORWARD -p udp --dport 16384:32767 -m conntrack --ctstate NEW -j DROP
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
