CVE-2024-33060
published 2024-09-02CVE-2024-33060: Memory corruption when two threads try to map and unmap a single node simultaneously.
PriorityP342high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.17%
6.0th percentile
Memory corruption when two threads try to map and unmap a single node simultaneously.
Affected
250 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2024-33060: Kernel
vendor_android·2024-09-01·CVSS 8.4
CVE-2024-33060 [HIGH] CVE-2024-33060: Kernel
Android Security Bulletin 2024-09-01
CVE: CVE-2024-33060
Severity: HIGH
Component: Kernel
References: A-350500584
QC-CR#3735984 [2]
Project0
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - Project Zero
project_zero·2024-12-01
CVE-2024-21455 The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - Project Zero
Posted by Seth Jenkins, Google Project Zero
This blog post provides a technical analysis of exploit artifacts provided to us by Google's Threat Analysis Group (TAG) from Amnesty International. Amnesty’s report on these exploits is available here. Thanks to both Amnesty International and Google's Threat Analysis Group for providing the artifacts and collaborating on the subsequent technical analysis!
## Introduction
Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered,
GHSA
GHSA-pphm-768w-qjh3: Memory corruption when two threads try to map and unmap a single node simultaneously
ghsa_unreviewed·2024-09-02
CVE-2024-33060 [HIGH] CWE-416 GHSA-pphm-768w-qjh3: Memory corruption when two threads try to map and unmap a single node simultaneously
Memory corruption when two threads try to map and unmap a single node simultaneously.
No detection rules found.
No public exploits indexed.
2024-09-02
Published