CVE-2024-33059
Published: 06 January 2025
Description
Memory corruption while processing frame command IOCTL calls.
Security Summary
CVE-2024-33059 is a memory corruption vulnerability classified under CWE-416 (Use After Free) that occurs while processing frame command IOCTL calls in Qualcomm components. Published on January 6, 2025, it carries a CVSS v3.1 base score of 6.7, reflecting a local attack vector with low attack complexity.
A local attacker who already holds high privileges (PR:H) can exploit this vulnerability with low attack complexity and without user interaction. Successful exploitation has high impact on all three properties: unauthorized access to confidential data (C:H), unauthorized modification of the system (I:H), and denial of service or system disruption (A:H), potentially via arbitrary code execution resulting from the memory corruption.
Qualcomm's January 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html, details affected products and recommends applying vendor-provided patches for mitigation.
Details
- CWE(s)