CVE-2024-33061

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

History

10 Jan 2025, 16:49

Type	Values Removed	Values Added
References	~~() https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html -~~	() https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html - Patch, Vendor Advisory
CWE		CWE-125
CPE		cpe:2.3:o:qualcomm:sw5100_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3660b:-:::::::* cpe:2.3:h:qualcomm:wcn3988:-:::::::* cpe:2.3:h:qualcomm:wsa8830:-:::::::* cpe:2.3:h:qualcomm:wsa8835:-:::::::* cpe:2.3:h:qualcomm:qcs8550:-:::::::* cpe:2.3:o:qualcomm:wcn3980_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3660b_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::* cpe:2.3:o:qualcomm:qcs8550_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3680b_firmware:-:::::::* cpe:2.3:o:qualcomm:sw5100p_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3680b:-:::::::* cpe:2.3:o:qualcomm:wcn3988_firmware:-:::::::* cpe:2.3:h:qualcomm:sw5100:-:::::::* cpe:2.3:h:qualcomm:wcn3980:-:::::::* cpe:2.3:h:qualcomm:sw5100p:-:::::::*
Summary		(es) Divulgación de información durante el procesamiento de una llamada IOCTL realizada para liberar un proceso de VM confiable o abrir un canal sin inicializar el proceso.
First Time		Qualcomm qcs8550 Qualcomm wsa8830 Firmware Qualcomm sw5100p Qualcomm sw5100 Qualcomm wsa8830 Qualcomm wcn3680b Qualcomm sw5100 Firmware Qualcomm wcn3980 Firmware Qualcomm wsa8835 Firmware Qualcomm sw5100p Firmware Qualcomm wcn3980 Qualcomm qcs8550 Firmware Qualcomm wsa8835 Qualcomm Qualcomm wcn3660b Firmware Qualcomm wcn3988 Firmware Qualcomm wcn3660b Qualcomm wcn3988 Qualcomm wcn3680b Firmware

06 Jan 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-06 11:15

Updated : 2025-01-10 16:49

NVD link : CVE-2024-33061

Mitre link : CVE-2024-33061

CVE.ORG link : CVE-2024-33061

JSON object : View

Products Affected

qualcomm

wcn3988_firmware
wcn3660b_firmware
wsa8830_firmware
wcn3660b
sw5100p
wcn3980_firmware
wsa8835_firmware
qcs8550
wcn3980
wsa8835
wcn3680b_firmware
wcn3680b
sw5100p_firmware
wsa8830
sw5100
wcn3988
qcs8550_firmware
sw5100_firmware

CWE

CWE-126

Buffer Over-read

CWE-125

Out-of-bounds Read

6.8 /10