Qualcomm Snapdragon Auto up to X75 5G Modem-RF System Response Frame buffer over-read

Summaryinfo

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking and classified as critical. This affects an unknown part of the component Response Frame Handler. Executing a manipulation can lead to buffer over-read. This vulnerability is tracked as CVE-2024-33048. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking and classified as critical. This vulnerability affects an unknown code of the component Response Frame Handler. The manipulation with an unknown input leads to a buffer over-read vulnerability. The CWE definition for the vulnerability is CWE-126. The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. As an impact it is known to affect availability. CVE summarizes:

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.

The advisory is available at docs.qualcomm.com. This vulnerability was named CVE-2024-33048 since 04/23/2024. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available.

Upgrading eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Chip Software

Vendor

• Qualcomm

Name

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Connectivity
• Snapdragon Consumer Electronics Connectivity
• Snapdragon Consumer IOT
• Snapdragon Industrial IOT
• Snapdragon Mobile
• Snapdragon Wearables
• Snapdragon Wired Infrastructure and Networking

Version

• 8 Gen 2 Mobile Platform
• 8 Gen 3 Mobile Platform
• 8+ Gen 2 Mobile Platform
• 429 Mobile Platform
• 835 Mobile PC Platform
• 865 5G Mobile Platform
• 865+ 5G Mobile Platform (SM8250-AB)
• 870 5G Mobile Platform (SM8250-AC)
• AR2 Gen 1 Platform
• AR8035
• Auto 5G Modem-RF Gen 2
• CSR8811
• FastConnect 6700
• FastConnect 6800
• FastConnect 6900
• FastConnect 7800
• Flight RB5 5G Platform
• Immersive Home 214 Platform
• Immersive Home 216 Platform
• Immersive Home 316 Platform
• Immersive Home 318 Platform
• Immersive Home 326 Platform
• Immersive Home 3210 Platform
• IPQ5010
• IPQ5028
• IPQ5300
• IPQ5302
• IPQ5312
• IPQ5332
• IPQ6000
• IPQ6010
• IPQ6018
• IPQ6028
• IPQ8070A
• IPQ8071A
• IPQ8072A
• IPQ8074A
• IPQ8076
• IPQ8076A
• IPQ8078
• IPQ8078A
• IPQ8173
• IPQ8174
• IPQ9008
• IPQ9554
• IPQ9570
• IPQ9574
• QAM8255P
• QAM8620P
• QAM8650P
• QAM8775P
• QAMSRV1H
• QAMSRV1M
• QCA0000
• QCA4024
• QCA6310
• QCA6320
• QCA6391
• QCA6421
• QCA6426
• QCA6431
• QCA6436
• QCA6554A
• QCA6564AU
• QCA6574
• QCA6574A
• QCA6574AU
• QCA6584AU
• QCA6595
• QCA6595AU
• QCA6678AQ
• QCA6688AQ
• QCA6696
• QCA6698AQ
• QCA6777AQ
• QCA6787AQ
• QCA6797AQ
• QCA8075
• QCA8081
• QCA8082
• QCA8084
• QCA8085
• QCA8337
• QCA8386
• QCA9888
• QCA9889
• QCC710
• QCC2073
• QCC2076
• QCF8000
• QCF8001
• QCM5430
• QCM6490
• QCM8550
• QCN5022
• QCN5024
• QCN5052
• QCN5122
• QCN5124
• QCN5152
• QCN5154
• QCN5164
• QCN6023
• QCN6024
• QCN6112
• QCN6122
• QCN6132
• QCN6224
• QCN6274
• QCN6402
• QCN6412
• QCN6422
• QCN6432
• QCN9000
• QCN9022
• QCN9024
• QCN9070
• QCN9072
• QCN9074
• QCN9100
• QCN9160
• QCN9274
• QCS5430
• QCS6490
• QCS7230
• QCS8250
• QCS8550
• QFW7114
• QFW7124
• QRB5165N
• Qualcomm Video Collaboration VC3 Platform
• Qualcomm Video Collaboration VC5 Platform
• QXM8083
• Robotics RB5 Platform
• SA6155P
• SA7255P
• SA7775P
• SA8155P
• SA8195P
• SA8255P
• SA8620P
• SA8650P
• SA8770P
• SA8775P
• SA9000P
• SD835
• SDM429W
• SDX55
• SDX65M
• SG8275P
• SM8550P
• SM8635
• SRV1H
• SRV1L
• SRV1M
• SSG2115P
• SSG2125P
• SW5100
• SW5100P
• SXR1230P
• SXR2230P
• SXR2250P
• WCD9335
• WCD9340
• WCD9341
• WCD9370
• WCD9375
• WCD9380
• WCD9385
• WCD9390
• WCD9395
• WCN3620
• WCN3660B
• WCN3980
• WCN3988
• WCN3990
• WCN6755
• WSA8810
• WSA8815
• WSA8830
• WSA8832
• WSA8835
• WSA8840
• WSA8845
• WSA8845H
• X55 5G Modem-RF System
• X65 5G Modem-RF System
• X72 5G Modem-RF System
• X75 5G Modem-RF System

License

• commercial

Website

• Vendor: https://www.qualcomm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion