CVE-2024-33040 — Use After Free in INC Snapdragon

CWE-416 — Use After Free2 documents2 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 79.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon

Timeline

PublishedDec 2

Description

Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5qualcomm_inc/snapdragon30 versions+29

Patches

Patch: docs.qualcomm.com ↗

🔴Vulnerability Details

GHSA

GHSA-4vfq-29m3-4mf8: Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between b↗2024-12-02

▶