What is CVE-2024-33034?

CVE-2024-33034 is a high-severity vulnerability in Qualcomm Fastconnect_6200, classified under Use After Free. CVSS score: 8.4/10. Published 2024-08-05.

How severe is CVE-2024-33034?

High severity. CVSS v3 base score is 8.4 out of 10.

Use After Free in Qualcomm Fastconnect_6200

CVE-2024-33034

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time.

Vulnerability class: Use-After-Free

EPSS: 0.001 (1.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Qualcomm Fastconnect_6200
Qualcomm Fastconnect_6200_firmware
Qualcomm Fastconnect_6700
Qualcomm Fastconnect_6700_firmware
Qualcomm Fastconnect_6900
Qualcomm Fastconnect_6900_firmware
Qualcomm Fastconnect_7800
Qualcomm Fastconnect_7800_firmware
Qualcomm Flight_rb5_5g_platform
Qualcomm Flight_rb5_5g_platform_firmware

Weakness classification (CWE)

CWE-416 — Use After Free

References

product-security@qualcomm.com (Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2024-33034?: CVE-2024-33034 is a high-severity vulnerability in Qualcomm Fastconnect_6200, classified under Use After Free. CVSS score: 8.4/10. Published 2024-08-05.
How severe is CVE-2024-33034?: High severity. CVSS v3 base score is 8.4 out of 10.