Sign-up

ID

VAR-202409-0013


CVE

CVE-2024-33060


TITLE

Use of freed memory vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2024-007287

DESCRIPTION

Memory corruption when two threads try to map and unmap a single node simultaneously. 315 5g iot firmware, AQT1000 firmware, AR8031 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Inside of fastrpc_mmap_find, there exists the following code to search for ADSP_MMAP_HEAP_ADDR or ADSP_MMAP_REMOTE_HEAP_ADDR allocations:hlist_for_each_entry_safe(map, n, &me->maps, hn) { if (va >= map->va && va + len <= map->va + map->len && map->fd == fd) { if (refs) { if (map->refs + 1 == INT_MAX) { spin_unlock_irqrestore(&me->hlock, irq_flags); return -ETOOMANYREFS; } map->refs++; } match = map; break; } } This code is wrong at a couple different levels, particularly in the case of a fastrpc_mmap_create-->fastrpc_mmap_find call coming from userland such as in the FASTRPC_IOCTL_MEM_MAP ioctl. I think this code path may not be intended to be reachable from userland at all - although even for requests issued from kernel-land, the contract for this code appears to have some correctness issues. This code uses map->va for finding an associated mapping which for these heap addresses comes from a call to dma_alloc_attrs inside of fastrpc_alloc_cma_memory. dma_alloc_attrs has two different modes of operation - one returns a kernel virtual address to the allocated memory, and the other returns a struct page pointer that serves as an opaque cookie for the allocated memory. We have the latter case for this invocation of dma_alloc_attrs because of the DMA_ATTR_NO_KERNEL_MAPPING flag applied in fastrpc_mmap_create_remote_heap. We can see this looking at the debugfs-visible global file in the adsprpc directory:=================================== GMAPS ==================================== fd |phys |size |va -------------------------------------------------------------------------------- -1 |0xE883A000 |0x1000 |0xFFFFFFFE01A20E80 -1 |0xE8839000 |0x1000 |0xFFFFFFFE01A20E40 -1 |0xE8838000 |0x1000 |0xFFFFFFFE01A20E00 -1 |0xE8837000 |0x1000 |0xFFFFFFFE01A20DC0 -1 |0xE8836000 |0x1000 |0xFFFFFFFE01A20D80 -1 |0xE8835000 |0x1000 |0xFFFFFFFE01A20D40 0 |0xE8834000 |0x1000 |0xFFFFFFFE01A20D00 0 |0xE8833000 |0x1000 |0xFFFFFFFE01A20CC0 0 |0xE8832000 |0x1000 |0xFFFFFFFE01A20C80 -1 |0xE8900000 |0x200000 |0xFFFFFFFE01A24000 This means we end up comparing a userland supplied value against a kernel page pointer - behavior of the kernel ioctl FASTRPC_IOCTL_MEM_MAP differs in userland visible ways based on the outcome of the comparison, meaning that userland can leak kernel page pointer addresses by "guessing" a possible address and observing the resulting error code. Here is the output from the attached PoC on a Samsung S23: dm1q:/data/local/tmp $ ./poc Detected address 0xfffffffe01c00000 Final address: 0xfffffffe01a24000 Additionally, because map->va is a struct page pointer as opposed to a genuine address to the underlying buffer, the usage of map->va + map->len is incorrect, and can lead to there being multiple map matches for the same calling parameters. **This bug is subject to a 90-day disclosure deadline. If a fix for this** **issue is made available to users before the end of the 90-day deadline,** **this bug report will become public 30 days after the fix was made** **available. Otherwise, this bug report will become public at the deadline.** The scheduled deadline is 2024-09-22. **For more details, see the Project Zero vulnerability disclosure policy:** **https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-** **policy.html** Related CVE Number: CVE-2024-33060

Trust: 1.71

sources: NVD: CVE-2024-33060 // JVNDB: JVNDB-2024-007287 // PACKETSTORM: 181998

AFFECTED PRODUCTS

vendor:qualcommmodel:ssg2115pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm4325scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:video collaboration vc5scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8840scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x35 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6436scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:video collaboration vc1scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon xr1scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8255pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165nscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 888 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 855\+ mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs8550scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon auto 5g modem-rf gen 2scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm4290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm4490scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon xr2 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 855 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd888scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs4290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8 gen1 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6274scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa4155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 860 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6698aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8845hscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 6200scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 8 gen 2 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 778g\+ 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:talynplusscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 678 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3660bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm6125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8770pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x75 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 4 gen 1 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:video collaboration vc3scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6420scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 6700scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 765 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ssg2125pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:srv1lscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9385scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9340scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 6900scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 8 gen 1 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sw5100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qru1032scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6740scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7325pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8550pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:flight rb5 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon w5\+ gen 1 wearablescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8832scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm4125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcc710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs2290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9395scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2250pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qru1062scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csra6620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 662 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:vision intelligence 100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7315scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x62 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 710 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6755scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x65 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6426scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 865\+ 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9360scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 720g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1230pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6696scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9012scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8775pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 8\+ gen 1 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd626scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs5430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 695 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon auto 5g modem-rfscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smart display 200scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 480\+ 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm8550scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smart audio 400scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 730g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x55 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csra6640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8650pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm5430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 750g 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ar8035scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8650pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x20 ltescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx61scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 820 automotivescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7250pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qdu1110scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfw7114scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 780g 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 685 4g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon ar2 gen 1scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3988scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8635scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x72 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2230pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3980scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa9000pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qdu1010scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa4150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8337scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:srv1mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfw7124scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa7775pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 730 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon auto 4gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8620pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 429 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8620pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 4 gen 2 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ar8031scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8830scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6320scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8195pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 7800scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qep8111scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8255pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qsm8350scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 8 gen 3 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sw5100pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 675 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qamsrv1mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 888\+ 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon xr2\+ gen 1scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x12 ltescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 480 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9011scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6688aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:robotics rb5scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:315 5g iotscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:srv1hscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 670 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qdx1011scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qdu1000scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd865 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 778g 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:215 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 690 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs4490scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 835 mobile pcscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 782g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm6490scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs7230scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 768g 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 865 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 870 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6024scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qdx1010scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:aqt1000scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9375scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 765g 5g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6391scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 8\+ gen 2 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3990scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:c-v2x 9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon x50 5g modem-rf systemscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9628scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6310scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6797aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs6490scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3950scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9024scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6224scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 732g mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 660 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 7c\+ gen 3 computescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs6125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qdu1210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6678aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:vision intelligence 400scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sg4150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qru1052scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qamsrv1hscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9341scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 460 mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3910scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sg8275pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1120scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fastconnect 6800scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8775pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:vision intelligence 200scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa7255pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon 680 4g mobilescope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:fastconnect 7800scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6800scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8620pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9628scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:aqt1000scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csra6620scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6200scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6700scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:flight rb5 5gscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9250scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csra6640scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:c-v2x 9150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:315 5g iotscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6900scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ar8035scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8255pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8295pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ar8031scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-007287 // NVD: CVE-2024-33060

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-33060
value: HIGH

Trust: 1.0

product-security@qualcomm.com: CVE-2024-33060
value: HIGH

Trust: 1.0

NVD: CVE-2024-33060
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-33060
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2024-33060
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-33060
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-007287 // NVD: CVE-2024-33060 // NVD: CVE-2024-33060

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

problemtype:Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007287 // NVD: CVE-2024-33060

EXTERNAL IDS

db:NVDid:CVE-2024-33060

Trust: 2.7

db:JVNDBid:JVNDB-2024-007287

Trust: 0.8

db:PACKETSTORMid:181998

Trust: 0.1

sources: JVNDB: JVNDB-2024-007287 // PACKETSTORM: 181998 // NVD: CVE-2024-33060

REFERENCES

url:https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-33060

Trust: 0.9

url:https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-**

Trust: 0.1

sources: JVNDB: JVNDB-2024-007287 // PACKETSTORM: 181998 // NVD: CVE-2024-33060

CREDITS

Google Security Research, Seth Jenkins

Trust: 0.1

sources: PACKETSTORM: 181998

SOURCES

db:JVNDBid:JVNDB-2024-007287
db:PACKETSTORMid:181998
db:NVDid:CVE-2024-33060

LAST UPDATE DATE

2024-10-07T23:40:13.942000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-007287date:2024-09-05T05:06:00
db:NVDid:CVE-2024-33060date:2024-09-04T17:06:08.407

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-007287date:2024-09-05T00:00:00
db:PACKETSTORMid:181998date:2024-10-04T18:17:47
db:NVDid:CVE-2024-33060date:2024-09-02T12:15:18.710