#VU95370 Improper Access Control in Qualcomm products - CVE-2024-33027

Cybersecurity Help s.r.o.

Published: 2024-08-05

Vulnerability identifier: #VU95370

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-33027

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vendor: Qualcomm

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics Linux. A local application can execute arbitrary code.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

315 5G IoT Modem: All versions

AQT1000: All versions

AR8031: All versions

C-V2X 9150: All versions

CSRA6620: All versions

CSRA6640: All versions

FastConnect 6200: All versions

QCA6174A: All versions

QCA6310: All versions

QCA6335: All versions

QCA6391: All versions

QCA6420: All versions

QCA6430: All versions

QCA6564: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA8337: All versions

QCA9377: All versions

QCM6125: All versions

QCN9074: All versions

QCS410: All versions

QCS610: All versions

QCS6125: All versions

Qualcomm 205 Mobile Platform: All versions

Qualcomm 215 Mobile Platform: All versions

Qualcomm Video Collaboration VC1 Platform: All versions

Qualcomm Video Collaboration VC3 Platform: All versions

Robotics RB3 Platform: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8145P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SD660: All versions

SD670: All versions

SD730: All versions

SD855: All versions

SDM429W: All versions

SDX55: All versions

SM6250: All versions

Smart Audio 400 Platform: All versions

Snapdragon 210 Processor: All versions

Snapdragon 212 Mobile Platform: All versions

Snapdragon 429 Mobile Platform: All versions

Snapdragon 660 Mobile Platform: All versions

Snapdragon 670 Mobile Platform: All versions

Snapdragon 675 Mobile Platform: All versions

Snapdragon 678 Mobile Platform (SM6150-AC): All versions

Snapdragon 710 Mobile Platform: All versions

Snapdragon 720G Mobile Platform: All versions

Snapdragon 730 Mobile Platform (SM7150-AA): All versions

Snapdragon 730G Mobile Platform (SM7150-AB): All versions

Snapdragon 732G Mobile Platform (SM7150-AC): All versions

Snapdragon 845 Mobile Platform: All versions

Snapdragon 855 Mobile Platform: All versions

Snapdragon 855+/860 Mobile Platform (SM8150-AC): All versions

Snapdragon X24 LTE Modem: All versions

Snapdragon X50 5G Modem-RF System: All versions

Snapdragon X55 5G Modem-RF System: All versions

Snapdragon XR1 Platform: All versions

SXR1120: All versions

Vision Intelligence 300 Platform: All versions

Vision Intelligence 400 Platform: All versions

WCD9326: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCN3610: All versions

WCN3620: All versions

WCN3660B: All versions

WCN3680B: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WSA8810: All versions

WSA8815: All versions

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Google Android

Multiple vulnerabilities in Qualcomm chipsets