CVE-2024-33061

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

History

10 Jan 2025, 16:49

Type	Values Removed	Values Added
First Time		Qualcomm wsa8835 Qualcomm wcn3680b Qualcomm wcn3980 Firmware Qualcomm wcn3988 Qualcomm sw5100 Firmware Qualcomm qcs8550 Qualcomm sw5100 Qualcomm wcn3988 Firmware Qualcomm wcn3660b Firmware Qualcomm wsa8830 Firmware Qualcomm wsa8830 Qualcomm Qualcomm sw5100p Firmware Qualcomm wcn3980 Qualcomm wcn3680b Firmware Qualcomm wcn3660b Qualcomm wsa8835 Firmware Qualcomm qcs8550 Firmware Qualcomm sw5100p
Summary		(es) Divulgación de información durante el procesamiento de una llamada IOCTL realizada para liberar un proceso de VM confiable o abrir un canal sin inicializar el proceso.
CWE		CWE-125
References	~~() https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html -~~	() https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html - Patch, Vendor Advisory
CPE		cpe:2.3:h:qualcomm:wcn3980:-:::::::* cpe:2.3:h:qualcomm:sw5100p:-:::::::* cpe:2.3:h:qualcomm:wcn3680b:-:::::::* cpe:2.3:h:qualcomm:wcn3660b:-:::::::* cpe:2.3:o:qualcomm:wcn3980_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3988:-:::::::* cpe:2.3:o:qualcomm:sw5100_firmware:-:::::::* cpe:2.3:o:qualcomm:sw5100p_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3680b_firmware:-:::::::* cpe:2.3:o:qualcomm:qcs8550_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3660b_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8835:-:::::::* cpe:2.3:h:qualcomm:wsa8830:-:::::::* cpe:2.3:h:qualcomm:sw5100:-:::::::* cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3988_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::* cpe:2.3:h:qualcomm:qcs8550:-:::::::*

06 Jan 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-06 11:15

Updated : 2025-01-10 16:49

NVD link : CVE-2024-33061

Mitre link : CVE-2024-33061

CVE.ORG link : CVE-2024-33061

JSON object : View

Products Affected

qualcomm

wcn3980
wcn3980_firmware
sw5100
wsa8830_firmware
wsa8830
qcs8550_firmware
wcn3988
wcn3660b
wcn3680b_firmware
wcn3680b
sw5100_firmware
qcs8550
sw5100p
wsa8835_firmware
wcn3988_firmware
wsa8835
sw5100p_firmware
wcn3660b_firmware

CWE

CWE-126

Buffer Over-read

CWE-125

Out-of-bounds Read

6.8 /10