CVE-2024-33058

Q: What is the severity of CVE-2024-33058?

CVE-2024-33058 has a CVSS score of 7.5 (HIGH). This CVE describes a memory corruption vulnerability in Qualcomm's ADSP (Audio Digital Signal Processor) when handling memory allocation from the HLOS (High-Level Operating System) DDR memory. Attackers could potentially execute arbitrary code with elevated privileges on affected devices. This affects devices using vulnerable Qualcomm chipsets.

7.5 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm's ADSP (Audio Digital Signal Processor) when handling memory allocation from the HLOS (High-Level Operating System) DDR memory. Attackers could potentially execute arbitrary code with elevated privileges on affected devices. This affects devices using vulnerable Qualcomm chipsets.

💻 Affected Systems

Products:

Qualcomm chipsets with ADSP functionality

Versions: Specific versions not detailed in reference; affected versions would be those prior to April 2025 security patches

Operating Systems: Android, Linux-based systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm SoCs with ADSP components. Exact chipset models would be specified in Qualcomm's detailed advisories.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel-level privileges leading to complete device compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated system access from a lower-privileged position.

🟢

If Mitigated

Denial of service or system instability if memory corruption triggers crashes instead of successful exploitation.

🌐 Internet-Facing: LOW - This appears to require local access or proximity to the device rather than being remotely exploitable over networks.

🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or attackers who gain initial foothold on the device through other means.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Memory corruption vulnerabilities typically require sophisticated exploitation techniques. No public exploit code is mentioned in the reference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: April 2025 security patches from Qualcomm

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for available firmware updates. 2. Apply Qualcomm's April 2025 security patches. 3. Reboot device after patch installation. 4. Verify patch application through version checks.

🔧 Temporary Workarounds

No known effective workarounds

all

Memory corruption vulnerabilities at this level typically require vendor patches

🧯 If You Can't Patch

Isolate affected devices from untrusted networks and users
Implement strict access controls and monitor for unusual system behavior

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's security bulletin. Review system logs for ADSP-related crashes or memory errors.

Check Version:

Device-specific commands vary by manufacturer. Typically: 'getprop ro.build.fingerprint' or checking firmware version in device settings.

Verify Fix Applied:

Verify that April 2025 or later Qualcomm security patches are installed. Check that ADSP firmware version has been updated.

📡 Detection & Monitoring

Log Indicators:

ADSP subsystem crashes
Memory allocation failures
Kernel panic logs related to audio/dsp subsystems

Network Indicators:

No specific network indicators as this is a local vulnerability

SIEM Query:

Search for: 'ADSP crash' OR 'audio DSP failure' OR 'Qualcomm DSP error' in system logs

📊 Metadata

CVE ID: CVE-2024-33058

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-1220

EPSS Score: 0.05% exploit probability (15.9th percentile)

Published: April 7, 2025

Last Updated: October 3, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8300 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qcs9100 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qmp1000 Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Robotics Rb3 Platform Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm