Description
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.
Reserved 2024-04-23 | Published 2024-12-02 | Updated 2024-12-02 | Assigner
qualcommMEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Problem types
CWE-126 Buffer Over-read
Product status
Default status
unaffected
C-V2X 9150
affected
FastConnect 6800
affected
FastConnect 6900
affected
QAM8295P
affected
QCA6174A
affected
QCA6391
affected
QCA6426
affected
QCA6436
affected
QCA6574AU
affected
QCA6696
affected
QCA8337
affected
QCN9074
affected
QCS410
affected
QCS610
affected
QSM8250
affected
Qualcomm Video Collaboration VC1 Platform
affected
Qualcomm Video Collaboration VC3 Platform
affected
SA6145P
affected
SA6150P
affected
SA6155P
affected
SA8145P
affected
SA8150P
affected
SA8155P
affected
SA8195P
affected
SA8295P
affected
SA8530P
affected
SA8540P
affected
SA9000P
affected
SD865 5G
affected
SDX55
affected
Snapdragon 865 5G Mobile Platform
affected
Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
affected
Snapdragon 870 5G Mobile Platform (SM8250-AC)
affected
Snapdragon W5+ Gen 1 Wearable Platform
affected
Snapdragon X55 5G Modem-RF System
affected
Snapdragon XR2 5G Platform
affected
SW5100
affected
SW5100P
affected
SXR2130
affected
WCD9341
affected
WCD9370
affected
WCD9380
affected
WCN3660B
affected
WCN3680B
affected
WCN3950
affected
WCN3980
affected
WCN3988
affected
WSA8810
affected
WSA8815
affected
WSA8830
affected
WSA8835
affected
References
docs.qualcomm.com/...itybulletin/december-2024-bulletin.html
cve.org (CVE-2024-33037)
nvd.nist.gov (CVE-2024-33037)
Download JSON
Subscribe to our newsletter to learn more about our work.