CVE-2024-33032

Q: What is the severity of CVE-2024-33032?

CVE-2024-33032 has a CVSS score of 6.7 (MEDIUM). This CVE describes a memory corruption vulnerability in Qualcomm components where asynchronous modification of shared memory by user applications while the kernel is accessing it can lead to system instability. This affects devices using vulnerable Qualcomm chipsets, primarily mobile devices and embedded systems. Attackers could potentially exploit this to cause denial of service or execute arbitrary code.

6.7 MEDIUM

Denial of Service

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm components where asynchronous modification of shared memory by user applications while the kernel is accessing it can lead to system instability. This affects devices using vulnerable Qualcomm chipsets, primarily mobile devices and embedded systems. Attackers could potentially exploit this to cause denial of service or execute arbitrary code.

💻 Affected Systems

Products:

Qualcomm chipsets and associated firmware

Versions: Specific versions not detailed in reference; check Qualcomm November 2024 bulletin for exact affected versions

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems where user applications and kernel share memory regions without proper synchronization mechanisms.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to arbitrary code execution with kernel privileges, complete device takeover, and persistent backdoor installation.

🟠

Likely Case

System crashes, denial of service, application instability, and potential information disclosure through memory leaks.

🟢

If Mitigated

Limited to application crashes or system instability without privilege escalation if proper memory isolation controls are enforced.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires precise timing and knowledge of shared memory regions. Likely requires local access or malicious application installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm November 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Restrict application permissions

linux

Limit applications' ability to access shared memory regions through SELinux/AppArmor policies

# Configure appropriate SELinux/AppArmor policies for memory access restrictions

Disable unnecessary services

linux

Reduce attack surface by disabling non-essential services that use shared memory

systemctl disable [unnecessary-service]

🧯 If You Can't Patch

Implement strict application whitelisting to prevent untrusted applications from running
Deploy memory protection mechanisms like ASLR and stack canaries where available

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's November 2024 security bulletin. Use 'getprop ro.build.fingerprint' on Android or check kernel version on Linux systems.

Check Version:

Android: getprop ro.build.version.security_patch | Linux: uname -r and check Qualcomm driver versions

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Qualcomm advisory. Check that security patch level includes November 2024 or later.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Memory access violation errors in system logs
Application crashes with memory corruption errors

Network Indicators:

Unusual outbound connections following system instability events

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "memory corruption")

📊 Metadata

CVE ID: CVE-2024-33032

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

Published: November 4, 2024

Last Updated: November 7, 2024

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

C V2x 9150 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8530p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 690 5g Mobile Platform Firmware by Qualcomm

Snapdragon 750g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 765 5g Mobile Platform Firmware by Qualcomm

Snapdragon 765g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 768g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

Snapdragon 870 5g Mobile Platform Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm

Snapdragon Wear 4100\+ Platform Firmware by Qualcomm

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

Snapdragon Xr2 5g Platform Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Sxr2130 Firmware by Qualcomm

Talynplus Firmware by Qualcomm

Video Collaboration Vc1 Platform Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm