Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-33038

Sept. 4, 2024, 5:21 p.m.

Tags

CWE-787
CWE-822
product-security@qualcomm.com
2024-09-02
CVE-2024-33038

CVSS Score

7.8 / 10

Products Impacted

Vendor Product Versions
qualcomm
  • fastconnect_6700_firmware
  • fastconnect_6700
  • fastconnect_6900_firmware
  • fastconnect_6900
  • fastconnect_7800_firmware
  • fastconnect_7800
  • qcm4490_firmware
  • qcm4490
  • qcm5430_firmware
  • qcm5430
  • qcm6490_firmware
  • qcm6490
  • qcm8550_firmware
  • qcm8550
  • qcs4490_firmware
  • qcs4490
  • qcs5430_firmware
  • qcs5430
  • qcs6490_firmware
  • qcs6490
  • qcs8550_firmware
  • qcs8550
  • video_collaboration_vc3_firmware
  • video_collaboration_vc3
  • sd_8_gen1_5g_firmware
  • sd_8_gen1_5g
  • sg8275p_firmware
  • sg8275p
  • sm8550p_firmware
  • sm8550p
  • sm8635_firmware
  • sm8635
  • snapdragon_4_gen_2_firmware
  • snapdragon_4_gen_2
  • snapdragon_8_gen_1_firmware
  • snapdragon_8_gen_1
  • snapdragon_8_gen_2_firmware
  • snapdragon_8_gen_2
  • snapdragon_8_gen_3_firmware
  • snapdragon_8_gen_3
  • snapdragon_8\+_gen_1_firmware
  • snapdragon_8\+_gen_1
  • snapdragon_8\+_gen_2_firmware
  • snapdragon_8\+_gen_2
  • snapdragon_ar2_gen_1_firmware
  • snapdragon_ar2_gen_1
  • ssg2115p_firmware
  • ssg2115p
  • ssg2125p_firmware
  • ssg2125p
  • sxr1230p_firmware
  • sxr1230p
  • talynplus_firmware
  • talynplus
  • wcd9370_firmware
  • wcd9370
  • wcd9375_firmware
  • wcd9375
  • wcd9380_firmware
  • wcd9380
  • wcd9385_firmware
  • wcd9385
  • wcd9390_firmware
  • wcd9390
  • wcd9395_firmware
  • wcd9395
  • wcn3950_firmware
  • wcn3950
  • wcn3988_firmware
  • wcn3988
  • wcn6740_firmware
  • wcn6740
  • wcn6755_firmware
  • wcn6755
  • wsa8810_firmware
  • wsa8810
  • wsa8815_firmware
  • wsa8815
  • wsa8830_firmware
  • wsa8830
  • wsa8832_firmware
  • wsa8832
  • wsa8835_firmware
  • wsa8835
  • wsa8840_firmware
  • wsa8840
  • wsa8845_firmware
  • wsa8845
  • wsa8845h_firmware
  • wsa8845h
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -

Description

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.

Weaknesses

CWE-787
Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CWE ID: 787
CWE-822
Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

CWE ID: 822

Date

Published: Sept. 2, 2024, 12:15 p.m.

Last Modified: Sept. 4, 2024, 5:21 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qualcomm fastconnect_6700_firmware - / / / / / / /
h qualcomm fastconnect_6700 - / / / / / / /
o qualcomm fastconnect_6900_firmware - / / / / / / /
h qualcomm fastconnect_6900 - / / / / / / /
o qualcomm fastconnect_7800_firmware - / / / / / / /
h qualcomm fastconnect_7800 - / / / / / / /
o qualcomm qcm4490_firmware - / / / / / / /
h qualcomm qcm4490 - / / / / / / /
o qualcomm qcm5430_firmware - / / / / / / /
h qualcomm qcm5430 - / / / / / / /
o qualcomm qcm6490_firmware - / / / / / / /
h qualcomm qcm6490 - / / / / / / /
o qualcomm qcm8550_firmware - / / / / / / /
h qualcomm qcm8550 - / / / / / / /
o qualcomm qcs4490_firmware - / / / / / / /
h qualcomm qcs4490 - / / / / / / /
o qualcomm qcs5430_firmware - / / / / / / /
h qualcomm qcs5430 - / / / / / / /
o qualcomm qcs6490_firmware - / / / / / / /
h qualcomm qcs6490 - / / / / / / /
o qualcomm qcs8550_firmware - / / / / / / /
h qualcomm qcs8550 - / / / / / / /
o qualcomm video_collaboration_vc3_firmware - / / / / / / /
h qualcomm video_collaboration_vc3 - / / / / / / /
o qualcomm sd_8_gen1_5g_firmware - / / / / / / /
h qualcomm sd_8_gen1_5g - / / / / / / /
o qualcomm sg8275p_firmware - / / / / / / /
h qualcomm sg8275p - / / / / / / /
o qualcomm sm8550p_firmware - / / / / / / /
h qualcomm sm8550p - / / / / / / /
o qualcomm sm8635_firmware - / / / / / / /
h qualcomm sm8635 - / / / / / / /
o qualcomm snapdragon_4_gen_2_firmware - / / / / / / /
h qualcomm snapdragon_4_gen_2 - / / / / / / /
o qualcomm snapdragon_8_gen_1_firmware - / / / / / / /
h qualcomm snapdragon_8_gen_1 - / / / / / / /
o qualcomm snapdragon_8_gen_2_firmware - / / / / / / /
h qualcomm snapdragon_8_gen_2 - / / / / / / /
o qualcomm snapdragon_8_gen_3_firmware - / / / / / / /
h qualcomm snapdragon_8_gen_3 - / / / / / / /
o qualcomm snapdragon_8\+_gen_1_firmware - / / / / / / /
h qualcomm snapdragon_8\+_gen_1 - / / / / / / /
o qualcomm snapdragon_8\+_gen_2_firmware - / / / / / / /
h qualcomm snapdragon_8\+_gen_2 - / / / / / / /
o qualcomm snapdragon_ar2_gen_1_firmware - / / / / / / /
h qualcomm snapdragon_ar2_gen_1 - / / / / / / /
o qualcomm ssg2115p_firmware - / / / / / / /
h qualcomm ssg2115p - / / / / / / /
o qualcomm ssg2125p_firmware - / / / / / / /
h qualcomm ssg2125p - / / / / / / /
o qualcomm sxr1230p_firmware - / / / / / / /
h qualcomm sxr1230p - / / / / / / /
o qualcomm talynplus_firmware - / / / / / / /
h qualcomm talynplus - / / / / / / /
o qualcomm wcd9370_firmware - / / / / / / /
h qualcomm wcd9370 - / / / / / / /
o qualcomm wcd9375_firmware - / / / / / / /
h qualcomm wcd9375 - / / / / / / /
o qualcomm wcd9380_firmware - / / / / / / /
h qualcomm wcd9380 - / / / / / / /
o qualcomm wcd9385_firmware - / / / / / / /
h qualcomm wcd9385 - / / / / / / /
o qualcomm wcd9390_firmware - / / / / / / /
h qualcomm wcd9390 - / / / / / / /
o qualcomm wcd9395_firmware - / / / / / / /
h qualcomm wcd9395 - / / / / / / /
o qualcomm wcn3950_firmware - / / / / / / /
h qualcomm wcn3950 - / / / / / / /
o qualcomm wcn3988_firmware - / / / / / / /
h qualcomm wcn3988 - / / / / / / /
o qualcomm wcn6740_firmware - / / / / / / /
h qualcomm wcn6740 - / / / / / / /
o qualcomm wcn6755_firmware - / / / / / / /
h qualcomm wcn6755 - / / / / / / /
o qualcomm wsa8810_firmware - / / / / / / /
h qualcomm wsa8810 - / / / / / / /
o qualcomm wsa8815_firmware - / / / / / / /
h qualcomm wsa8815 - / / / / / / /
o qualcomm wsa8830_firmware - / / / / / / /
h qualcomm wsa8830 - / / / / / / /
o qualcomm wsa8832_firmware - / / / / / / /
h qualcomm wsa8832 - / / / / / / /
o qualcomm wsa8835_firmware - / / / / / / /
h qualcomm wsa8835 - / / / / / / /
o qualcomm wsa8840_firmware - / / / / / / /
h qualcomm wsa8840 - / / / / / / /
o qualcomm wsa8845_firmware - / / / / / / /
h qualcomm wsa8845 - / / / / / / /
o qualcomm wsa8845h_firmware - / / / / / / /
h qualcomm wsa8845h - / / / / / / /

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score
7.8
Exploitability Score
1.8
Impact Score
5.9
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

https://docs.qualcomm.com/ product-security@qualcomm.com