Snapdragon Auto 5g Modem Rf Gen 2 Firmware
CVE-2024-33029
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Memory corruption while handling the PDR in driver for getting the remote heap maps.
AnalysisAI
Memory corruption while handling the PDR in driver for getting the remote heap maps. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Memory corruption while handling the PDR in driver for getting the remote heap maps. Affected products include: Qualcomm Snapdragon Auto 5G Modem-Rf Gen 2 Firmware, Qualcomm Qca6698Aq Firmware, Qualcomm Qca6584Au Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
Memory corruption while playing audio file having large-sized input buffer. Rated critical severity (CVSS 9.8), this vul
Memory corruption while processing Codec2 during v13k decoder pitch synthesis. Rated critical severity (CVSS 9.8), this
Cryptographic issue occurs due to use of insecure connection method while downloading.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critic
Information Disclosure while parsing beacon frame in STA. Rated critical severity (CVSS 9.1), this vulnerability is remo
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. Rated critical severity (CVSS 9.
Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. Rated high severity (
Memory corruption while decoding of OTA messages from T3448 IE. Rated high severity (CVSS 8.2), this vulnerability is re
Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. Rated high
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today