7
CVE-2024-33040
- EPSS 0.02%
- Published 02.12.2024 11:15:08
- Last modified 12.12.2024 15:21:35
- Source product-security@qualcomm.com
- Teams watchlist Login
- Open Login
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
Data is provided by the National Vulnerability Database (NVD)
Qualcomm ≫ Fastconnect 6800 Firmware Version-
Qualcomm ≫ Fastconnect 6900 Firmware Version-
Qualcomm ≫ Fastconnect 7800 Firmware Version-
Qualcomm ≫ Qam8255p Firmware Version-
Qualcomm ≫ Qca6391 Firmware Version-
Qualcomm ≫ Qca6426 Firmware Version-
Qualcomm ≫ Qca6436 Firmware Version-
Qualcomm ≫ Qca6595au Firmware Version-
Qualcomm ≫ Qca6678aq Firmware Version-
Qualcomm ≫ Sa8255p Firmware Version-
Qualcomm ≫ Sd865 5g Firmware Version-
Qualcomm ≫ Snapdragon Xr2 5g Platform Firmware Version-
Qualcomm ≫ Sw5100 Firmware Version-
Qualcomm ≫ Sw5100p Firmware Version-
Qualcomm ≫ Sxr2130 Firmware Version-
Qualcomm ≫ Wcd9380 Firmware Version-
Qualcomm ≫ Wcn3660b Firmware Version-
Qualcomm ≫ Wcn3680b Firmware Version-
Qualcomm ≫ Wcn3980 Firmware Version-
Qualcomm ≫ Wcn3988 Firmware Version-
Qualcomm ≫ Wsa8810 Firmware Version-
Qualcomm ≫ Wsa8815 Firmware Version-
Qualcomm ≫ Wsa8830 Firmware Version-
Qualcomm ≫ Wsa8835 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.038 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| product-security@qualcomm.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.