CVE-2024-33054

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption during the handshake process between Primary and Trusted Virtual Machines in Qualcomm platforms. Attackers could potentially execute arbitrary code or cause denial of service. Affected systems include devices using vulnerable Qualcomm components.

💻 Affected Systems

Products:
  • Qualcomm platforms with virtualization support
Versions: Specific versions not detailed in reference; check Qualcomm advisory for exact affected versions
Operating Systems: Android, Linux-based systems using Qualcomm chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using Qualcomm's virtualization technology for secure environments

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation

🟠 Likely Case: System crash or denial of service affecting virtual machine functionality

🟢 If Mitigated: Limited impact with proper isolation and access controls in place

🌐 Internet-Facing: MEDIUM - Requires specific handshake conditions but could be exploited remotely
🏢 Internal Only: HIGH - Virtual machine communication is often internal but critical to system integrity

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific timing and access to virtual machine communication channels

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm September 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset versions.
2. Obtain firmware/software updates from device manufacturer.
3. Apply patches following manufacturer instructions.
4. Reboot affected systems.

🔧 Temporary Workarounds

Isolate Virtual Machine Communication (platform: all)

Restrict access to virtual machine communication interfaces

Disable Unnecessary Virtualization Features (platform: linux)

Turn off unused virtualization components if not required

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Monitor virtual machine communication for anomalous handshake patterns

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset version and compare against September 2024 security bulletin

Check Version:

Check device specifications or use manufacturer-specific commands (e.g., 'getprop' for Android devices)

Verify Fix Applied:

Verify firmware/software version matches patched versions in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

  • Virtual machine handshake failures
  • Memory corruption errors in system logs
  • Unexpected virtual machine restarts

Network Indicators:

  • Anomalous inter-VM communication patterns
  • Unexpected handshake retries

SIEM Query:

Search for 'CVE-2024-33054' or 'Qualcomm virtualization handshake' in security logs
