CRITICAL🇵🇱 Wersja polska

CVE-2024-33066

CVSS 9.8v3.1pub. 2024-10-07upd. 2024-10-16

Memory corruption while redirecting log file to any file location with any file name.

🤖 AI Analysis
How it works

The error results from improper input data validation (CWE-20) during the operation of redirecting an event log file to any location and under any file name. Insufficient control of passed parameters leads to memory corruption. The attack can be performed remotely, without authentication and without user interaction.

Impact

An attacker can gain full control over the vulnerable component, including confidentiality, integrity, and system availability – which corresponds to the ability to execute arbitrary code (RCE) or cause serious device stability violations.

Mitigation & patch

Apply patches available from the vendor according to the references – detailed information about fixes is contained in Qualcomm's October 2024 security bulletin: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Who is affected

Qualcomm Snapdragon X65 5G Modem-RF System (firmware), Qualcomm SDX65M (firmware), Qualcomm SDX55 (firmware) – exact versions indicated in vendor references (Qualcomm October 2024 bulletin)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qualcomm Ipq8076

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8076a

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8076a Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8076 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8078

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8078a

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8078a Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8078 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8173

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8173 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8174

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq8174 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq9008

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq9008 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq9554

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq9554 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq9574

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq9574 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca4024

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca4024 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8075

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8075 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8081

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8081 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8082

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8082 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8084

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8084 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8085

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca8085 Firmware

    OS
    Qualcomm
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27034CRITICAL9.8PL ✓ten sam produkt

Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR

CVE-2025-21450CRITICAL9.1PL ✓ten sam produkt

Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania

CVE-2024-45569CRITICAL9.8PL ✓ten sam produkt

Qualcomm: Uszkodzenie pamięci przy parsowaniu ML IE w firmware

CVE-2023-43538CRITICAL9.3PL ✓ten sam produkt

Uszkodzenie pamięci w TZ Secure OS podczas inicjalizacji Tunnel Invoke Manager (Qualcomm)

CVE-2023-43556CRITICAL9.3PL ✓ten sam produkt

Qualcomm Hypervisor – buffer overflow przez niezalignowane dane platformy