CVE-2024-33065

Q: What is the severity of CVE-2024-33065?

CVE-2024-33065 has a CVSS score of 8.4 (HIGH). This vulnerability allows memory corruption in Qualcomm camera drivers when taking snapshots with specific offset variables. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices using vulnerable Qualcomm camera drivers.

8.4 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm camera drivers when taking snapshots with specific offset variables. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices using vulnerable Qualcomm camera drivers.

💻 Affected Systems

Products:

Qualcomm camera driver components

Versions: Specific versions not detailed in reference; check Qualcomm October 2024 bulletin

Operating Systems: Android and other mobile/embedded systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Requires camera functionality to be active; affects devices with specific Qualcomm camera driver implementations

📦 What is this software?

Snapdragon 7c Gen 2 Compute Platform \(sc7180 Ad\) \"rennell Pro\" Firmware by Qualcomm

View all CVEs affecting Snapdragon 7c Gen 2 Compute Platform \(sc7180 Ad\) \"rennell Pro\" Firmware →

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →

Snapdragon 8c Compute Platform \(sc8180x Ad\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8c Compute Platform \(sc8180x Ad\) Firmware →

Snapdragon 8c Compute Platform \(sc8180xp Ad\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8c Compute Platform \(sc8180xp Ad\) Firmware →

Snapdragon 8cx Compute Platform \(sc8180x Aa\, Ab\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180x Aa\, Ab\) Firmware →

Snapdragon 8cx Compute Platform \(sc8180xp Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180xp Ac\) Firmware →

Snapdragon 8cx Compute Platform \(sc8180xp Af\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Compute Platform \(sc8180xp Af\) Firmware →

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Ac\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Ac\) Firmware →

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Af\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180x Af\) Firmware →

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Aa\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Aa\) Firmware →

Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Ab\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform \(sc8180xp Ab\) Firmware →

Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Ab\, Bb\) Firmware by Qualcomm

View all CVEs affecting Snapdragon 8cx Gen 3 Compute Platform \(sc8280xp Ab\, Bb\) Firmware →

Video Collaboration Vc3 Platform Firmware by Qualcomm

View all CVEs affecting Video Collaboration Vc3 Platform Firmware →

Wcd9340 Firmware by Qualcomm

View all CVEs affecting Wcd9340 Firmware →

Wcd9341 Firmware by Qualcomm

View all CVEs affecting Wcd9341 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

Wsa8840 Firmware by Qualcomm

View all CVEs affecting Wsa8840 Firmware →

Wsa8845 Firmware by Qualcomm

View all CVEs affecting Wsa8845 Firmware →

Wsa8845h Firmware by Qualcomm

View all CVEs affecting Wsa8845h Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on affected devices.

🟢

If Mitigated

Denial of service causing camera functionality disruption without code execution.

🌐 Internet-Facing: LOW with brief explanation

🏢 Internal Only: HIGH with brief explanation

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or ability to trigger camera snapshot functionality; memory corruption vulnerabilities often lead to reliable exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm October 2024 security bulletin for specific chipset updates

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset list. 2. Obtain firmware updates from device manufacturer. 3. Apply security patches through device update mechanism. 4. Reboot device to activate fixes.

🔧 Temporary Workarounds

Disable camera functionality

android

Temporarily disable camera services to prevent exploitation

adb shell pm disable com.android.camera2
adb shell pm disable-user --user 0 com.android.camera

Restrict camera permissions

android

Remove camera permissions from untrusted applications

adb shell pm revoke <package_name> android.permission.CAMERA

🧯 If You Can't Patch

Isolate affected devices from critical networks
Implement application allowlisting to prevent unauthorized camera access

🔍 How to Verify

Check if Vulnerable:

Check device chipset against Qualcomm's October 2024 security bulletin affected components list

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level includes October 2024 or later Qualcomm updates

📡 Detection & Monitoring

Log Indicators:

Camera service crashes
Kernel panic logs related to camera driver
Memory corruption warnings in dmesg

Network Indicators:

Unusual camera activation patterns
Suspicious processes accessing camera hardware

SIEM Query:

source="android_logs" AND ("camera crash" OR "kernel panic" OR "segmentation fault") AND component="camera"

📊 Metadata

CVE ID: CVE-2024-33065

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: October 7, 2024

Last Updated: December 31, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html Vendor Advisory