CVE-2024-33040
HIGHCVSS 7/10EPSS 0.09%
Last modified
CVE-2024-33040 is a high-severity vulnerability rated 7/10 on the CVSS scale. Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.. EPSS estimates a 0.09% chance of exploitation in the next 30 days.
Description
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Fastconnect 6800 Firmware | All versions |
| Qualcomm | Fastconnect 6900 Firmware | All versions |
| Qualcomm | Fastconnect 7800 Firmware | All versions |
| Qualcomm | Qam8255p Firmware | All versions |
| Qualcomm | Qca6391 Firmware | All versions |
| Qualcomm | Qca6426 Firmware | All versions |
| Qualcomm | Qca6436 Firmware | All versions |
| Qualcomm | Qca6595au Firmware | All versions |
| Qualcomm | Qca6678aq Firmware | All versions |
| Qualcomm | Sa8255p Firmware | All versions |
| Qualcomm | Sd865 5g Firmware | All versions |
| Qualcomm | Snapdragon 8 Gen 1 Mobile Platform Firmware | All versions |
| Qualcomm | Snapdragon 865 5g Mobile Platform Firmware | All versions |
| Qualcomm | Snapdragon 865\+ 5g Mobile Platform Firmware | All versions |
| Qualcomm | Snapdragon 870 5g Mobile Platform Firmware | All versions |
| Qualcomm | Snapdragon W5\+ Gen 1 Wearable Platform Firmware | All versions |
| Qualcomm | Snapdragon X55 5g Modem-Rf System Firmware | All versions |
| Qualcomm | Snapdragon Xr2 5g Platform Firmware | All versions |
| Qualcomm | Sw5100 Firmware | All versions |
| Qualcomm | Sw5100p Firmware | All versions |
| Qualcomm | Sxr2130 Firmware | All versions |
| Qualcomm | Wcd9380 Firmware | All versions |
| Qualcomm | Wcn3660b Firmware | All versions |
| Qualcomm | Wcn3680b Firmware | All versions |
| Qualcomm | Wcn3980 Firmware | All versions |
| Qualcomm | Wcn3988 Firmware | All versions |
| Qualcomm | Wsa8810 Firmware | All versions |
| Qualcomm | Wsa8815 Firmware | All versions |
| Qualcomm | Wsa8830 Firmware | All versions |
| Qualcomm | Wsa8835 Firmware | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-33040?
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
How severe is CVE-2024-33040?
CVE-2024-33040 has a CVSS score of 7/10 (HIGH severity). The EPSS model estimates a 0.09% probability of exploitation in the next 30 days.
How do I fix CVE-2024-33040?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2024-33040?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST