CVE-2024-33060

Q: What is the severity of CVE-2024-33060?

CVE-2024-33060 has a CVSS score of 8.4 (HIGH). This vulnerability allows memory corruption when two threads simultaneously map and unmap a single node in Qualcomm components. Successful exploitation could lead to arbitrary code execution or system crashes. Affects devices using vulnerable Qualcomm chipsets.

8.4 HIGH

📋 TL;DR

This vulnerability allows memory corruption when two threads simultaneously map and unmap a single node in Qualcomm components. Successful exploitation could lead to arbitrary code execution or system crashes. Affects devices using vulnerable Qualcomm chipsets.

💻 Affected Systems

Products:

Qualcomm chipsets and devices using affected components

Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipset versions

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects multi-threaded applications accessing shared memory nodes on vulnerable Qualcomm hardware.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crashes, denial of service, or local privilege escalation on affected devices.

🟢

If Mitigated

System instability or crashes without code execution if memory protections are in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires race condition timing and multi-threaded access to vulnerable memory operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm September 2024 security bulletin for specific chipset firmware updates

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable multi-threading for sensitive operations

all

Configure applications to avoid concurrent map/unmap operations on shared nodes

Application-specific configuration required

🧯 If You Can't Patch

Isolate affected systems from untrusted networks
Implement strict access controls and monitor for abnormal memory behavior

🔍 How to Verify

Check if Vulnerable:

Check device chipset version against Qualcomm's September 2024 security bulletin

Check Version:

Device-specific commands vary by manufacturer; typically in system settings or via 'getprop' on Android

Verify Fix Applied:

Verify firmware version has been updated to patched version from OEM

📡 Detection & Monitoring

Log Indicators:

Unexpected process crashes
Memory access violation logs
Kernel panic events

Network Indicators:

Unusual outbound connections following crashes

SIEM Query:

Process: (crash OR segfault) AND Source: (qualcomm OR chipset-related processes)

📊 Metadata

CVE ID: CVE-2024-33060

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: September 2, 2024

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

215 Mobile Firmware by Qualcomm

315 5g Iot Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2150 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm