Qualcomm Snapdragon Auto up to X75 5G Modem-RF System Beacon Frame use after free

Summaryinfo

A vulnerability categorized as critical has been discovered in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking. This impacts an unknown function of the component Beacon Frame Handler. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-33068. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking. Affected by this issue is an unknown functionality of the component Beacon Frame Handler. The manipulation with an unknown input leads to a use after free vulnerability. Using CWE to declare the problem leads to CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. Impacted is availability. CVE summarizes:

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

The advisory is available at docs.qualcomm.com. This vulnerability is handled as CVE-2024-33068 since 04/23/2024. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 11/04/2024).

Upgrading eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Chip Software

Vendor

• Qualcomm

Name

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Consumer IOT
• Snapdragon Industrial IOT
• Snapdragon Mobile
• Snapdragon Wearables
• Snapdragon Wired Infrastructure and Networking

Version

• 8 Gen 2 Mobile Platform
• 8 Gen 3 Mobile Platform
• 8+ Gen 2 Mobile Platform
• 429 Mobile Platform
• AR2 Gen 1 Platform
• AR8035
• Auto 5G Modem-RF Gen 2
• FastConnect 6900
• FastConnect 7800
• Immersive Home 326 Platform
• Immersive Home 3210 Platform
• IPQ5302
• IPQ5312
• IPQ5332
• IPQ9008
• IPQ9574
• QAM8255P
• QAM8295P
• QAM8620P
• QAM8650P
• QAM8775P
• QAMSRV1H
• QAMSRV1M
• QCA6391
• QCA6554A
• QCA6564AU
• QCA6574
• QCA6574A
• QCA6574AU
• QCA6584AU
• QCA6595
• QCA6595AU
• QCA6678AQ
• QCA6688AQ
• QCA6696
• QCA6698AQ
• QCA6777AQ
• QCA6787AQ
• QCA6797AQ
• QCA8081
• QCA8082
• QCA8084
• QCA8085
• QCA8337
• QCA8386
• QCC710
• QCF8000
• QCF8001
• QCM8550
• QCN5124
• QCN6224
• QCN6274
• QCN6402
• QCN6412
• QCN6422
• QCN6432
• QCN9000
• QCN9024
• QCN9074
• QCN9274
• QCS6490
• QCS7230
• QCS8250
• QCS8550
• QFW7114
• QFW7124
• Qualcomm Video Collaboration VC3 Platform
• Qualcomm Video Collaboration VC5 Platform
• SA6155P
• SA7255P
• SA7775P
• SA8155P
• SA8195P
• SA8255P
• SA8295P
• SA8620P
• SA8650P
• SA8770P
• SA8775P
• SA9000P
• SDM429W
• SDX65M
• SG8275P
• SM8550P
• SM8635
• SM8750
• SM8750P
• SRV1H
• SRV1L
• SRV1M
• SSG2115P
• SSG2125P
• SXR1230P
• SXR2230P
• SXR2250P
• Vision Intelligence 400 Platform
• WCD9335
• WCD9340
• WCD9341
• WCD9370
• WCD9375
• WCD9380
• WCD9385
• WCD9390
• WCD9395
• WCN3620
• WCN3660B
• WCN3990
• WCN6755
• WCN7860
• WCN7861
• WCN7880
• WCN7881
• WSA8830
• WSA8832
• WSA8835
• WSA8840
• WSA8845
• WSA8845H
• X65 5G Modem-RF System
• X72 5G Modem-RF System
• X75 5G Modem-RF System

License

• commercial

Website

• Vendor: https://www.qualcomm.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion