CVE-2024-33024

Q: What is the severity of CVE-2024-33024?

CVE-2024-33024 has a CVSS score of 7.5 (HIGH). This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending specially crafted Wi-Fi beacon frames with malformed Multi-Link (ML) Information Elements. It affects devices using Qualcomm Wi-Fi chipsets that parse these frames, potentially disrupting wireless connectivity.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows an attacker to cause a Denial of Service (DoS) by sending specially crafted Wi-Fi beacon frames with malformed Multi-Link (ML) Information Elements. It affects devices using Qualcomm Wi-Fi chipsets that parse these frames, potentially disrupting wireless connectivity.

💻 Affected Systems

Products:

Qualcomm Wi-Fi chipsets and devices using them

Versions: Specific affected versions not publicly detailed in bulletin

Operating Systems: Android, Linux, and other OS using Qualcomm Wi-Fi drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Wi-Fi enabled and using vulnerable Qualcomm firmware/drivers

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete wireless network disruption for affected devices, requiring reboot or reconnection

🟠

Likely Case

Temporary Wi-Fi disconnection or instability on vulnerable devices when malicious beacons are received

🟢

If Mitigated

Minimal impact with proper network segmentation and updated firmware

🌐 Internet-Facing: MEDIUM - Requires proximity to send malicious beacons but no authentication needed

🏢 Internal Only: MEDIUM - Internal attackers could disrupt wireless networks within range

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW - Sending malformed beacon frames is straightforward

Exploitation requires proximity to target device and ability to transmit Wi-Fi frames

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to August 2024 Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates 2. Apply Qualcomm-provided patches 3. Update Wi-Fi driver/firmware 4. Reboot device

🔧 Temporary Workarounds

Disable Wi-Fi when not needed

all

Turn off Wi-Fi on critical devices to prevent beacon reception

Network segmentation

all

Isolate vulnerable devices on separate network segments

🧯 If You Can't Patch

Implement physical security controls to limit proximity attacks
Use wired connections for critical devices instead of Wi-Fi

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Qualcomm Wi-Fi chipset and firmware version against August 2024 bulletin

Check Version:

Device-specific commands vary by manufacturer (e.g., 'adb shell getprop' for Android, manufacturer diagnostic tools)

Verify Fix Applied:

Verify firmware version has been updated to patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

Wi-Fi disconnection events
Driver crash logs
Unexpected beacon frame parsing errors

Network Indicators:

Unusual beacon frame patterns
ML IE length anomalies in packet captures

SIEM Query:

Search for Wi-Fi interface errors, driver crashes, or authentication failures coinciding with beacon reception

📊 Metadata

CVE ID: CVE-2024-33024

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-190

Published: August 5, 2024

Last Updated: November 20, 2024

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5300 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qcc2073 Firmware by Qualcomm

Qcc2076 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcf8000 Firmware by Qualcomm

Qcf8001 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm