Qcs8550 Firmware
CVE-2024-33061
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.
AnalysisAI
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-126. Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. Affected products include: Qualcomm Qcs8550 Firmware, Qualcomm Sw5100 Firmware, Qualcomm Sw5100P Firmware, Qualcomm Wcn3660B Firmware, Qualcomm Wcn3680B Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Qcs8550 Firmware
View allA Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo
Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory
Memory corruption while playing audio file having large-sized input buffer. Rated critical severity (CVSS 9.8), this vul
Memory corruption while processing Codec2 during v13k decoder pitch synthesis. Rated critical severity (CVSS 9.8), this
Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this v
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vuln
Memory corruption in Modem while processing security related configuration before AS Security Exchange. Rated critical s
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulner
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received
Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no
Cryptographic issue occurs due to use of insecure connection method while downloading.
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critic
Same weakness CWE-126 – Buffer Over-read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today