Memory Corruption in Qualcomm Products Due to IOCTL Call Vulnerability
CVE-2024-33055

7.8HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 6 January 2025

What is CVE-2024-33055?

This vulnerability involves a memory corruption issue that occurs when IOCTL calls are made to unmap Direct Memory Access (DMA) buffers in Qualcomm hardware. As a result, an attacker could exploit this flaw to potentially execute arbitrary code, leading to a compromise of the device's integrity and performance. Proactive measures should be adopted to secure affected systems and mitigate any risks associated with this vulnerability.

Affected Version(s)

Snapdragon Snapdragon Auto FastConnect 6900

Snapdragon Snapdragon Auto FastConnect 7800

Snapdragon Snapdragon Auto QAM8295P

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2025
Vulnerability Reserved
Apr 23, 2024