CVE-2024-33045
published 2024-09-02CVE-2024-33045: Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.12%
2.3th percentile
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Affected
181 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cisa9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mfmc-fmc9-6ph8: Memory corruption when BTFM client sends new messages over Slimbus to ADSP
ghsa_unreviewed·2024-09-02
CVE-2024-33045 [HIGH] CWE-562 GHSA-mfmc-fmc9-6ph8: Memory corruption when BTFM client sends new messages over Slimbus to ADSP
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
Android
CVE-2024-33045: Bootloader
vendor_android·2024-09-01·CVSS 8.4
CVE-2024-33045 [HIGH] CVE-2024-33045: Bootloader
Android Security Bulletin 2024-09-01
CVE: CVE-2024-33045
Severity: HIGH
Component: Bootloader
References: A-344620353
QC-CR#3745620
CISA
Dahua IP Camera Authentication Bypass Vulnerability
cisa·2024-08-21·CVSS 9.8
CVE-2021-33045 [CRITICAL] CWE-287 Dahua IP Camera Authentication Bypass Vulnerability
Vulnerability: Dahua IP Camera Authentication Bypass Vulnerability
Affected: Dahua IP Camera Firmware
Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33045
Remediation Due Date: 2024-09-11
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-02
Published