315 5g Iot Firmware
CVE-2024-33060
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Memory corruption when two threads try to map and unmap a single node simultaneously.
AnalysisAI
Memory corruption when two threads try to map and unmap a single node simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Memory corruption when two threads try to map and unmap a single node simultaneously. Affected products include: Qualcomm 315 5G Iot Firmware, Qualcomm Aqt1000 Firmware, Qualcomm Ar8031 Firmware, Qualcomm Ar8035 Firmware, Qualcomm C-V2X 9150 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
More in 315 5g Iot Firmware
View allMemory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the vid
Memory corruption in WLAN HAL while parsing WMI command parameters. Rated high severity (CVSS 7.8), this vulnerability i
Memory corruption in WLAN HAL while handling command through WMI interfaces. Rated high severity (CVSS 7.8), this vulner
Memory Corruption in WLAN HOST while fetching TX status information. Rated high severity (CVSS 7.8), this vulnerability
Memory Corruption in Audio while allocating the ion buffer during the music playback. Rated high severity (CVSS 7.8), th
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. Rated high severity (CVSS
Transient DOS may occur while processing malformed length field in SSID IEs.
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. Rated high severity (CVSS 7.
While processing the authentication message in UE, improper authentication may lead to information disclosure. Rated med
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today