CVE-2024-33040

MEDIUM

Qualcomm FastConnect and Snapdragon Firmware - Use-After-Free via Redundant Buffer Release

Title source: llm

Description

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html

Scores

CVSS v3 6.7

EPSS 0.0007

EPSS Percentile 20.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (30)

qualcomm/fastconnect_6800_firmware

qualcomm/fastconnect_6900_firmware

qualcomm/fastconnect_7800_firmware

qualcomm/qam8255p_firmware

qualcomm/qca6391_firmware

qualcomm/qca6426_firmware

qualcomm/qca6436_firmware

qualcomm/qca6595au_firmware

qualcomm/qca6678aq_firmware

qualcomm/sa8255p_firmware

... and 20 more

Published Dec 02, 2024

Tracked Since Feb 18, 2026