Cyber Resilience

CVE-2024-33055

Medium

Published: 06 January 2025

Modified: 11 August 2025
KEV Added
Patch
CVSS Score v3.1: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0009 (25.3th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-33055 is a medium-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 25.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-33055 is a memory corruption vulnerability classified under CWE-416 (use-after-free), triggered while invoking IOCTL calls to unmap DMA buffers. It affects components within Qualcomm products, as detailed in the vendor's January 2025 security bulletin.

The vulnerability carries a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Exploitation requires local access with high privileges; attack complexity is low and no user interaction is needed. Through memory corruption, an attacker can achieve high impact on confidentiality, integrity, and availability.

Qualcomm's security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html provides details on affected products, exploitation status, and recommended mitigations or patches.

Vulnerability details

Memory corruption while invoking IOCTL calls to unmap the DMA buffers.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free memory corruption in Qualcomm driver IOCTL/DMA handling enables exploitation for privilege escalation or full system compromise.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-38411 · Same product: Qualcomm Fastconnect 6900
CVE-2024-43061 · Same product: Qualcomm Fastconnect 6900
CVE-2024-33059 · Same product: Qualcomm Fastconnect 6900
CVE-2024-33041 · Same product: Qualcomm Fastconnect 6900
CVE-2024-45580 · Same product: Qualcomm Fastconnect 6900
CVE-2024-45553 · Same product: Qualcomm Fastconnect 6900
CVE-2024-53023 · Same product: Qualcomm Fastconnect 6900
CVE-2024-43062 · Same product: Qualcomm Fastconnect 6900
CVE-2026-21380 · Same product: Qualcomm Fastconnect 6900
CVE-2024-43059 · Same product: Qualcomm Fastconnect 6900

Affected Assets

qualcomm · fastconnect 6900 firmware · all versions
qualcomm · fastconnect 7800 firmware · all versions
qualcomm · qam8295p firmware · all versions
qualcomm · qca6574au firmware · all versions
qualcomm · qca6696 firmware · all versions
qualcomm · qcm8550 firmware · all versions
qualcomm · qcs6490 firmware · all versions
qualcomm · qcs8550 firmware · all versions
qualcomm · video collaboration vc3 platform firmware · all versions
qualcomm · sa6145p firmware · all versions
+29 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the vulnerability by requiring identification, reporting, and timely patching of the specific use-after-free flaw in IOCTL handling for DMA buffers as per Qualcomm's security bulletin.

prevent

Implements memory protection mechanisms that comprehensively mitigate use-after-free memory corruption during DMA buffer unmapping operations.

prevent

Validates IOCTL inputs to prevent malformed or unauthorized requests that trigger the memory corruption in DMA buffer unmapping.