CVE-2024-33061

MEDIUM EPSS 1.0%
Published Jan 6, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 6, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
1.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-125 Out-of-bounds Read Memory Safety
CWE-126

Affected Products 18

VendorProductVersionRange
qualcommqcs8550_firmware*any
qualcommqcs8550*any
qualcommsw5100_firmware*any
qualcommsw5100*any
qualcommsw5100p_firmware*any
qualcommsw5100p*any
qualcommwcn3660b_firmware*any
qualcommwcn3660b*any
qualcommwcn3680b_firmware*any
qualcommwcn3680b*any
qualcommwcn3980_firmware*any
qualcommwcn3980*any
qualcommwcn3988_firmware*any
qualcommwcn3988*any
qualcommwsa8830_firmware*any
qualcommwsa8830*any
qualcommwsa8835_firmware*any
qualcommwsa8835*any

References 1

  • docs.qualcomm.com https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html
    PatchVendor Advisory

Remediation

  • docs.qualcomm.com https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html
    PatchVendor Advisory