CVE-2024-33029 - Vulnerability Details

Memory corruption while handling the PDR in driver for getting the remote heap maps.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Qualcomm	Qca6584au Qca6584au Firmware Qca6698aq Qca6698aq Firmware Snapdragon Auto 5g Modem-rf Gen 2 Snapdragon Auto 5g Modem-rf Gen 2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf_gen_2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-30774	Memory corruption while handling the PDR in driver for getting the remote heap maps.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

History

Thu, 07 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm qca6584au Qualcomm qca6698aq Qualcomm snapdragon Auto 5g Modem-rf Gen 2
CPEs		cpe:2.3:h:qualcomm:qca6584au:-:::::::* cpe:2.3:h:qualcomm:qca6698aq:-:::::::* cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf_gen_2:-:::::::*
Vendors & Products		Qualcomm qca6584au Qualcomm qca6698aq Qualcomm snapdragon Auto 5g Modem-rf Gen 2

Mon, 04 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm qca6584au Firmware Qualcomm qca6698aq Firmware Qualcomm snapdragon Auto 5g Modem-rf Gen 2 Firmware
CPEs		cpe:2.3:o:qualcomm:qca6584au_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6698aq_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:::::::*
Vendors & Products		Qualcomm Qualcomm qca6584au Firmware Qualcomm qca6698aq Firmware Qualcomm snapdragon Auto 5g Modem-rf Gen 2 Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 04 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Description		Memory corruption while handling the PDR in driver for getting the remote heap maps.
Title		Use After Free in DSP Services
Weaknesses		CWE-416
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-11-04T10:04:36.813Z

Updated: 2024-11-08T04:55:11.443Z

Reserved: 2024-04-23T04:42:06.930Z

Link: CVE-2024-33029

Vulnrichment

Updated: 2024-11-04T11:13:00.660Z

NVD

Status : Analyzed

Published: 2024-11-04T10:15:05.147

Modified: 2024-11-07T19:54:49.197

Link: CVE-2024-33029

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object