CVE-2024-33055

6.7 MEDIUM

📋 TL;DR

Memory corruption in Qualcomm kernel components when an IOCTL is invoked to unmap DMA buffers. A local attacker who can reach the affected driver's IOCTL interface can trigger it, which on devices built on affected Qualcomm chipsets may lead to local privilege escalation or denial of service.

💻 Affected Systems

Products:
  • Qualcomm chipsets and associated drivers
Versions: Specific versions not detailed in reference; check Qualcomm January 2025 bulletin for exact affected versions.
Operating Systems: Android, Linux-based systems using Qualcomm components
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with Qualcomm hardware where DMA buffer management is exposed through vulnerable IOCTL interfaces.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level access, allowing complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Local denial of service through system crashes or instability, potentially leading to data loss or service disruption.

🟢

If Mitigated

Limited impact where access controls keep unprivileged processes from opening the affected device node or issuing the vulnerable IOCTL.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or malicious insiders could exploit this for privilege escalation or denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local code execution and the ability to issue the specific IOCTL to the affected driver; kernel memory corruption bugs of this kind can be difficult to exploit reliably, which is reflected in the medium score.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm January 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check the Qualcomm advisory for the affected chipset/driver versions.
2. Obtain the updated firmware/drivers from the device manufacturer (on Android devices the fix arrives in the OEM's build, not directly from Qualcomm).
3. Apply the update following the manufacturer's instructions.
4. Reboot the system so the patched kernel and driver components are loaded.

🔧 Temporary Workarounds

Restrict IOCTL access

linux

Limit which domains can open the affected device node and which IOCTL commands they may issue. On Android, SELinux extended permissions (allowxperm/neverallowxperm on the ioctl permission of the device's chr_file type) whitelist IOCTL command numbers per domain, so untrusted app domains can be denied the unmap command outright; on other Linux systems, device-node permissions plus SELinux or AppArmor rules can restrict who may open the node at all. The device node label and IOCTL numbers are device-specific and must be taken from the vendor kernel headers.

# Example SELinux policy to restrict ioctl access
# requires policy development specific to the target system (device node label and ioctl command numbers)

🧯 If You Can't Patch

  • Implement strict access controls so that only trusted, privileged processes can open the affected device node and issue IOCTLs to it
  • Monitor kernel logs for crash reports in IOCTL/DMA-buffer code paths and restrict what can run on the device (application allow-listing)

🔍 How to Verify

Check if Vulnerable:

Confirm the device is built on a Qualcomm SoC (on Android: getprop ro.board.platform or ro.hardware; on Linux: /proc/cpuinfo or /proc/device-tree/compatible), then compare the build's security patch level or kernel/driver version with the January 2025 bulletin entry for CVE-2024-33055.

Check Version:

# Android: getprop ro.build.version.security_patch ; getprop ro.board.platform
# Linux: uname -r ; dmesg | grep -i qualcomm OR check /sys/class/... vendor-specific paths

Verify Fix Applied:

Verify that the installed Qualcomm driver/firmware version (or, on Android, the build's security patch level) matches the patched version in the advisory, and that the device has been rebooted so the patched components are actually loaded.
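As an added example (not from the advisory or from Qualcomm), the following script screens an Android device for the January 2025 fixes from its getprop output. It assumes, which the page does not state, that the bulletin's fixes ship in builds whose security patch level (ro.build.version.security_patch) is 2025-01-05 or later; the platform-prefix heuristic and the sample output are likewise assumptions constructed for the example.

```python
"""Added example (not from the advisory or from Qualcomm): screen an Android
device for the January 2025 fixes from its `getprop` output.

Assumption, not stated on the page: the bulletin's fixes ship in builds whose
security patch level (ro.build.version.security_patch) is 2025-01-05 or later.
OEMs can backport fixes, so treat a "likely vulnerable" result as a prompt to
confirm with the device vendor's bulletin, not as proof. Sample output below is
constructed, not captured from a real device.
"""
import re
from datetime import date

FIXED_SPL = date(2025, 1, 5)  # assumption: first SPL carrying the January 2025 fixes
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")  # getprop line: [name]: [value]
# Heuristic (assumption): ro.board.platform on Qualcomm devices usually starts with one of these.
QCOM_PLATFORM_PREFIXES = ("sm", "sdm", "msm", "qcom")


def parse_getprop(text):
    """Turn `getprop` output into a dict; malformed lines are ignored."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_spl(value):
    """Parse a YYYY-MM-DD patch level; None if absent or malformed."""
    try:
        return date.fromisoformat(value)
    except (TypeError, ValueError):
        return None


def is_qualcomm_platform(props):
    platform = props.get("ro.board.platform", "").lower()
    return platform.startswith(QCOM_PLATFORM_PREFIXES)


def assess(getprop_output):
    """Return a tri-state verdict: patched True/False, or None when undecidable."""
    props = parse_getprop(getprop_output)
    qcom = is_qualcomm_platform(props)
    spl = parse_spl(props.get("ro.build.version.security_patch"))
    if not qcom:
        patched = None
        verdict = "ro.board.platform is not a recognised Qualcomm platform; check manually"
    elif spl is None:
        patched = None
        verdict = "security patch level missing or malformed; check manually"
    else:
        patched = spl >= FIXED_SPL
        verdict = "%s (SPL %s %s %s)" % (
            "patched" if patched else "likely vulnerable", spl, ">=" if patched else "<", FIXED_SPL)
    return {"qualcomm": qcom, "spl": spl, "patched": patched, "verdict": verdict}


# Constructed sample output of `adb shell getprop` (not from a real device).
SAMPLE_UNPATCHED = """\
[ro.board.platform]: [sm8550]
[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2024-12-05]
"""
SAMPLE_PATCHED = """\
[ro.board.platform]: [sm8550]
[ro.build.version.security_patch]: [2025-02-05]
"""

if __name__ == "__main__":
    for name, sample in (("unpatched", SAMPLE_UNPATCHED), ("patched", SAMPLE_PATCHED)):
        print(name, "->", assess(sample)["verdict"])
```

Feed it the real output of adb shell getprop; a result of None means the script could not decide (non-Qualcomm platform string or missing patch level) and the version must be checked against the bulletin by hand.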

📡 Detection & Monitoring

Log Indicators:

  • Kernel crash or sanitizer reports (KASAN, BUG, Oops, panic) whose call trace passes through IOCTL handling and DMA-buffer unmap code
  • Kernel panic or crash logs mentioning memory corruption, use-after-free, or invalid addresses
  • Failed or repeated DMA buffer map/unmap operations in system logs, especially from unprivileged processes

Network Indicators:

  • Not network exploitable; focus on local system monitoring

SIEM Query:

source="kernel" AND ("IOCTL" OR "DMA") AND ("corruption" OR "panic" OR "oops")
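The log indicators above can be checked locally before a SIEM is involved. The following is an added example (not from the advisory) that triages kernel log lines and keeps one finding per crash report, marking whether the report touches DMA-buffer or IOCTL code; the sample log, the process names and the call trace are constructed and name no Qualcomm driver symbols.

```python
"""Added example (not from the advisory): triage kernel log lines for memory
corruption reports raised in an ioctl / DMA-buffer context. The sample log,
process names and the call trace are constructed; they do not reproduce a real
CVE-2024-33055 crash and name no Qualcomm driver symbols.
"""
import re

# Lines that open a kernel memory-corruption or crash report.
REPORT_START_RE = re.compile(r"KASAN:|BUG:|Unable to handle kernel|general protection fault")
# Follow-up lines that belong to an ongoing report but open one if seen alone.
REPORT_FOLLOWUP_RE = re.compile(r"Internal error|Oops|Kernel panic")
# Terms tying the report to DMA-buffer management reached through an ioctl.
DMA_CONTEXT_RE = re.compile(r"dma[-_]?buf|dma_heap|\bion\b|ioctl|unmap", re.I)
COMM_RE = re.compile(r"Comm:\s*(\S+)")
TIMESTAMP_RE = re.compile(r"^\[\s*[\d.]+\]\s*")
MAX_REPORT_LINES = 12  # how far past the opening line a call trace is scanned


def _report_window(lines, start):
    """Lines of one report: the opener plus following lines until the next opener."""
    window = [lines[start]]
    for j in range(start + 1, min(len(lines), start + 1 + MAX_REPORT_LINES)):
        if REPORT_START_RE.search(lines[j]):
            break
        window.append(lines[j])
    return window


def scan_kernel_log(lines):
    """Return one finding per crash report with the faulting process and whether
    the report touches DMA-buffer / ioctl code."""
    findings, last_end = [], -1
    for i, line in enumerate(lines):
        if i <= last_end:  # still inside a report already recorded
            continue
        if not (REPORT_START_RE.search(line) or REPORT_FOLLOWUP_RE.search(line)):
            continue
        window = _report_window(lines, i)
        last_end = i + len(window) - 1
        comm = next((m.group(1) for m in map(COMM_RE.search, window) if m), None)
        findings.append({
            "line": i + 1,
            "text": TIMESTAMP_RE.sub("", line).strip(),
            "process": comm,
            "dma_related": any(DMA_CONTEXT_RE.search(w) for w in window),
        })
    return findings


def dma_related_findings(lines):
    """Only the reports worth escalating for this CVE class."""
    return [f for f in scan_kernel_log(lines) if f["dma_related"]]


# Constructed sample dmesg output (not a real crash): one use-after-free report in a
# DMA-buffer unmap path reached via ioctl, then an unrelated NULL dereference in a kworker.
SAMPLE_LOG = """\
[  120.441] usb 1-1: new high-speed USB device number 3 using xhci-hcd
[  311.872] BUG: KASAN: slab-use-after-free in dma_buf_unmap_attachment+0x58/0x120
[  311.873] Read of size 8 at addr ffff0000c3a1d040 by task dmabuf_client/2841
[  311.874] CPU: 3 PID: 2841 Comm: dmabuf_client Tainted: G        W
[  311.875] Call trace:
[  311.876]  dma_buf_unmap_attachment+0x58/0x120
[  311.877]  __arm64_sys_ioctl+0x9c/0xe0
[  311.878]  el0_svc_common+0x80/0x190
[  512.003] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[  512.004] CPU: 1 PID: 77 Comm: kworker/1:1 Not tainted
[  512.005] Call trace:
[  512.006]  process_one_work+0x1c4/0x3f0
[  512.007] Kernel panic - not syncing: Fatal exception
"""

if __name__ == "__main__":
    for f in scan_kernel_log(SAMPLE_LOG.splitlines()):
        flag = "DMA/ioctl" if f["dma_related"] else "other"
        print("line %d [%s] %s: %s" % (f["line"], flag, f["process"], f["text"]))
```

Run it over dmesg or a pulled pstore/ramoops dump; only findings flagged DMA/ioctl need to be correlated with the IOCTL-restriction policy and the device's patch level.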

🔗 References
