CVE-2024-33039: Untrusted Pointer Dereference in Audio

First published: Mon Dec 02 2024(Updated: )

Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
All of
Qualcomm Qam8255p Firmware
Qualcomm Qam8255p
All of
Qualcomm Qam8650p Firmware
Qualcomm Qam8650p
All of
Qualcomm Qam8775p Firmware
Qualcomm Qam8775p
All of
Qualcomm Qamsrv1h Firmware
Qualcomm Qamsrv1h
All of
Qualcomm Qamsrv1m Firmware
Qualcomm Qamsrv1m
All of
Qualcomm Sa7255p Firmware
Qualcomm Sa7255p
All of
Qualcomm Sa7775p Firmware
Qualcomm Sa7775p
All of
Qualcomm Sa8255p Firmware
Qualcomm Sa8255p
All of
Qualcomm Sa8620p Firmware
Qualcomm Sa8620p
All of
Qualcomm Sa8650p Firmware
Qualcomm Sa8650p
All of
Qualcomm Sa8770p Firmware
Qualcomm Sa8770p
All of
Qualcomm Sa8775p Firmware
Qualcomm Sa8775p
All of
Qualcomm Sa9000p Firmware
Qualcomm Sa9000p
All of
Qualcomm Snapdragon W5\+ Gen 1 Wearable Platform Firmware
Qualcomm Snapdragon W5\+ Gen 1 Wearable Platform
All of
Qualcomm Srv1h Firmware
Qualcomm Srv1h
All of
Qualcomm Srv1m Firmware
Qualcomm Srv1m
All of
Qualcomm Sw5100 Firmware
Qualcomm Sw5100
All of
Qualcomm Sw5100p Firmware
Qualcomm Sw5100p
All of
Qualcomm Wcn3980 Firmware
Qualcomm Wcn3980
All of
Qualcomm Wcn3988 Firmware
Qualcomm Wcn3988
All of
Qualcomm Wsa8830 Firmware
Qualcomm Wsa8830
All of
Qualcomm Wsa8835 Firmware
Qualcomm Wsa8835

Remedy

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html

Never miss a vulnerability like this again

Reference Links

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/remedy
agent/tags
agent/softwarecombine
vendor/qualcomm
canonical/qualcomm qam8255p firmware
canonical/qualcomm qam8255p
canonical/qualcomm qam8650p firmware
canonical/qualcomm qam8650p
canonical/qualcomm qam8775p firmware
canonical/qualcomm qam8775p
canonical/qualcomm qamsrv1h firmware
canonical/qualcomm qamsrv1h
canonical/qualcomm qamsrv1m firmware
canonical/qualcomm qamsrv1m
canonical/qualcomm sa7255p firmware
canonical/qualcomm sa7255p
canonical/qualcomm sa7775p firmware
canonical/qualcomm sa7775p
canonical/qualcomm sa8255p firmware
canonical/qualcomm sa8255p
canonical/qualcomm sa8620p firmware
canonical/qualcomm sa8620p
canonical/qualcomm sa8650p firmware
canonical/qualcomm sa8650p
canonical/qualcomm sa8770p firmware
canonical/qualcomm sa8770p
canonical/qualcomm sa8775p firmware
canonical/qualcomm sa8775p
canonical/qualcomm sa9000p firmware
canonical/qualcomm sa9000p
canonical/qualcomm snapdragon w5\+ gen 1 wearable platform firmware
canonical/qualcomm snapdragon w5\+ gen 1 wearable platform
canonical/qualcomm srv1h firmware
canonical/qualcomm srv1h
canonical/qualcomm srv1m firmware
canonical/qualcomm srv1m
canonical/qualcomm sw5100 firmware
canonical/qualcomm sw5100
canonical/qualcomm sw5100p firmware
canonical/qualcomm sw5100p
canonical/qualcomm wcn3980 firmware
canonical/qualcomm wcn3980
canonical/qualcomm wcn3988 firmware
canonical/qualcomm wcn3988
canonical/qualcomm wsa8830 firmware
canonical/qualcomm wsa8830
canonical/qualcomm wsa8835 firmware
canonical/qualcomm wsa8835

CVE-2024-33039: Untrusted Pointer Dereference in Audio

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact