Information Disclosure Vulnerability in Qualcomm Products
CVE-2024-33061

5.5MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 6 January 2025

Summary

This vulnerability arises from improper handling of IOCTL calls, which can expose sensitive information when releasing a trusted VM process or opening a communication channel without proper initialization. Attackers could exploit this flaw to gain unauthorized access to sensitive data, emphasizing the need for immediate attention from users of the affected Qualcomm products.

Affected Version(s)

Snapdragon Snapdragon Industrial IOT QCS8550

Snapdragon Snapdragon Industrial IOT SW5100

Snapdragon Snapdragon Industrial IOT SW5100P

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 6, 2025
Vulnerability Reserved
Apr 23, 2024

Collectors

NVD DatabaseMitre Database