CVE-2024-33063
📋 TL;DR
This vulnerability allows an attacker to cause a denial-of-service (DoS) condition by sending specially crafted beacon frames with malformed Multi-Link (ML) Information Elements. It affects devices using Qualcomm Wi-Fi chipsets that parse these frames, potentially disrupting wireless connectivity.
💻 Affected Systems
- Qualcomm Wi-Fi chipsets and devices using them
📦 What is this software?
Immersive Home 3210 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 3210 Platform Firmware →
Immersive Home 326 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 326 Platform Firmware →
Snapdragon 429 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 429 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 3 Mobile Platform Firmware →
Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Ar2 Gen 1 Platform Firmware →
Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm
View all CVEs affecting Snapdragon Auto 5g Modem Rf Gen 2 Firmware →
Snapdragon X65 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →
Snapdragon X72 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X72 5g Modem Rf System Firmware →
Snapdragon X75 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X75 5g Modem Rf System Firmware →
Video Collaboration Vc3 Platform Firmware by Qualcomm
View all CVEs affecting Video Collaboration Vc3 Platform Firmware →
Video Collaboration Vc5 Platform Firmware by Qualcomm
View all CVEs affecting Video Collaboration Vc5 Platform Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Complete wireless network disruption for affected devices, requiring reboot or reconnection to restore functionality.
Likely Case
Temporary loss of Wi-Fi connectivity on vulnerable devices when exposed to malicious beacon frames.
If Mitigated
Minimal impact with proper network segmentation and monitoring in place.
🎯 Exploit Status
Exploitation requires crafting and transmitting malicious beacon frames; no authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Qualcomm security bulletin for specific firmware/driver updates.
Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html
Restart Required: Yes
Instructions:
1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches for affected chipsets. 3. Reboot device after update.
🔧 Temporary Workarounds
Disable Wi-Fi if not needed
allTurn off Wi-Fi on vulnerable devices to prevent exploitation.
Network segmentation
allIsolate vulnerable devices on separate network segments to limit attack surface.
🧯 If You Can't Patch
- Monitor for unusual beacon frame activity using wireless intrusion detection systems.
- Implement strict access controls to limit who can connect to Wi-Fi networks.
🔍 How to Verify
Check if Vulnerable:
Check device specifications against Qualcomm's affected chipsets list in the advisory.Check Version:
Device-specific; typically 'iwconfig' or manufacturer-provided tools on Linux, or device settings on other OSes.Verify Fix Applied:
Verify firmware/driver version matches patched versions specified by manufacturer.📡 Detection & Monitoring
Log Indicators:
- Unexpected device disconnections
- Wi-Fi driver crash logs
Network Indicators:
- Unusual beacon frame patterns
- Spike in malformed ML IE packets
SIEM Query:
Search for events related to Wi-Fi interface resets or driver failures.