CVE-2024-33061

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

History

10 Jan 2025, 16:49

Type	Values Removed	Values Added
CPE		cpe:2.3:h:qualcomm:sw5100p:-:::::::* cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3988:-:::::::* cpe:2.3:o:qualcomm:wcn3680b_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3680b:-:::::::* cpe:2.3:h:qualcomm:qcs8550:-:::::::* cpe:2.3:h:qualcomm:wsa8830:-:::::::* cpe:2.3:h:qualcomm:wcn3660b:-:::::::* cpe:2.3:h:qualcomm:wcn3980:-:::::::* cpe:2.3:h:qualcomm:sw5100:-:::::::* cpe:2.3:h:qualcomm:wsa8835:-:::::::* cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::* cpe:2.3:o:qualcomm:sw5100_firmware:-:::::::* cpe:2.3:o:qualcomm:sw5100p_firmware:-:::::::* cpe:2.3:o:qualcomm:qcs8550_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3988_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3660b_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3980_firmware:-:::::::*
First Time		Qualcomm wcn3660b Firmware Qualcomm sw5100 Qualcomm wcn3980 Firmware Qualcomm wsa8835 Firmware Qualcomm qcs8550 Qualcomm wsa8835 Qualcomm wcn3980 Qualcomm wcn3988 Firmware Qualcomm qcs8550 Firmware Qualcomm sw5100p Qualcomm wcn3660b Qualcomm sw5100 Firmware Qualcomm wsa8830 Firmware Qualcomm wsa8830 Qualcomm wcn3680b Firmware Qualcomm wcn3988 Qualcomm wcn3680b Qualcomm Qualcomm sw5100p Firmware
References	~~() https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html -~~	() https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html - Patch, Vendor Advisory
Summary		(es) Divulgación de información durante el procesamiento de una llamada IOCTL realizada para liberar un proceso de VM confiable o abrir un canal sin inicializar el proceso.
CWE		CWE-125

06 Jan 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-06 11:15

Updated : 2025-01-10 16:49

NVD link : CVE-2024-33061

Mitre link : CVE-2024-33061

CVE.ORG link : CVE-2024-33061

JSON object : View

Products Affected

qualcomm

wcn3980_firmware
sw5100_firmware
sw5100p
sw5100
wcn3988
wsa8830
wcn3680b
wcn3660b_firmware
wsa8835_firmware
wcn3988_firmware
sw5100p_firmware
wsa8830_firmware
qcs8550_firmware
wcn3660b
wsa8835
wcn3680b_firmware
qcs8550
wcn3980

CWE

CWE-126

Buffer Over-read

CWE-125

Out-of-bounds Read

6.8 /10