Cyber Posture

CVE-2024-33055

Medium

Published: 06 January 2025

Modified: 11 August 2025
KEV Added
Patch
CVSS Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (20.1th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

Memory corruption while invoking IOCTL calls to unmap the DMA buffers.

Security Summary

CVE-2024-33055 is a memory corruption vulnerability classified under CWE-416 (use-after-free), triggered while invoking IOCTL calls to unmap DMA buffers. It affects components within Qualcomm products, as detailed in the vendor's January 2025 security bulletin.

The vulnerability carries a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Exploitation requires local access and high privileges, with low attack complexity and no user interaction. A successful attacker can achieve high impact on confidentiality, integrity, and availability through memory corruption.

Qualcomm's security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html provides details on affected products, exploitation status, and recommended mitigations or patches.

Details

CWE(s)
CWE-416

Affected Products

Vendor | Product | Versions
qualcomm | fastconnect 6900 firmware | all versions
qualcomm | fastconnect 7800 firmware | all versions
qualcomm | qam8295p firmware | all versions
qualcomm | qca6574au firmware | all versions
qualcomm | qca6696 firmware | all versions
qualcomm | qcm8550 firmware | all versions
qualcomm | qcs6490 firmware | all versions
qualcomm | qcs8550 firmware | all versions
qualcomm | video collaboration vc3 platform firmware | all versions
qualcomm | sa6145p firmware | all versions
+29 more product configuration(s) — see NVD for full list
