CVE-2024-33061

MEDIUM

Qualcomm Qcs8550 Firmware - Buffer Over-read

Title source: rule

Description

Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.

References (1)

[Patch, Vendor Advisory] https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html

Scores

CVSS v3 6.8

EPSS 0.0007

EPSS Percentile 22.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125 CWE-126

Status published

Products (9)

qualcomm/qcs8550_firmware

qualcomm/sw5100_firmware

qualcomm/sw5100p_firmware

qualcomm/wcn3660b_firmware

qualcomm/wcn3680b_firmware

qualcomm/wcn3980_firmware

qualcomm/wcn3988_firmware

qualcomm/wsa8830_firmware

qualcomm/wsa8835_firmware

Published Jan 06, 2025

Tracked Since Feb 18, 2026