CVE-2024-33035

Q: What is the severity of CVE-2024-33035?

CVE-2024-33035 has a CVSS score of 8.4 (HIGH). This vulnerability allows memory corruption in Qualcomm's gralloc memory allocator when clients request extremely high reserved sizes. Attackers could exploit this to execute arbitrary code or cause denial of service. Affected systems include devices using Qualcomm chipsets with vulnerable graphics memory management.

8.4 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm's gralloc memory allocator when clients request extremely high reserved sizes. Attackers could exploit this to execute arbitrary code or cause denial of service. Affected systems include devices using Qualcomm chipsets with vulnerable graphics memory management.

💻 Affected Systems

Products:

Qualcomm chipsets with vulnerable gralloc implementation

Versions: Specific versions not publicly detailed; refer to Qualcomm September 2024 bulletin

Operating Systems: Android and other OS using Qualcomm graphics components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems where gralloc clients can request memory allocations. Exact chipset models and firmware versions require checking Qualcomm's advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, privilege escalation, or persistent malware installation.

🟠

Likely Case

Application crashes, denial of service, or limited memory corruption affecting specific processes.

🟢

If Mitigated

Controlled crashes without privilege escalation if proper memory isolation and exploit mitigations are in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific memory allocation patterns. No public exploits known as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm September 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset/firmware versions. 2. Obtain updated firmware from device manufacturer. 3. Apply firmware update following manufacturer instructions. 4. Reboot device to activate fixes.

🔧 Temporary Workarounds

Memory allocation restrictions

all

Implement input validation to reject excessively large memory allocation requests

Configuration dependent - implement in application code or system libraries

🧯 If You Can't Patch

Isolate affected systems from untrusted networks and users
Implement strict application sandboxing to limit impact of potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's advisory. Use: adb shell getprop ro.build.fingerprint (for Android devices)

Check Version:

adb shell getprop ro.build.fingerprint OR check device firmware settings

Verify Fix Applied:

Verify firmware version has been updated to patched version listed in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

Unexpected process crashes related to graphics/memory allocation
Kernel panic logs mentioning memory corruption

Network Indicators:

Unusual outbound connections following graphics-related process crashes

SIEM Query:

Process:Name CONTAINS 'gralloc' AND EventID:1000 (Application Crash)

📊 Metadata

CVE ID: CVE-2024-33035

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: September 2, 2024

Last Updated: October 3, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8530p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm6370 Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 460 Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 480\+ 5g Mobile Platform \(sm4350 Ac\) Firmware by Qualcomm

Snapdragon 662 Mobile Platform Firmware by Qualcomm

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

Snapdragon 685 4g Mobile Platform \(sm6225 Ad\) Firmware by Qualcomm

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

Snapdragon 865\+ 5g Mobile Platform \(sm8250 Ab\) Firmware by Qualcomm

Snapdragon 870 5g Mobile Platform \(sm8250 Ac\) Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

Snapdragon Xr2 5g Platform Firmware by Qualcomm

Srv1h Firmware by Qualcomm

Srv1l Firmware by Qualcomm

Srv1m Firmware by Qualcomm

Ssg2115p Firmware by Qualcomm

Ssg2125p Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Sxr1230p Firmware by Qualcomm

Sxr2130 Firmware by Qualcomm

Talynplus Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm