CVE-2024-33036 MEDIUM

CVE-2024-33036: Use of Out-of-range Pointer Offset in Camera Driver

Vendor Qualcomm, Inc.
Product Snapdragon
Weakness CWE-823
Published December 2, 2024
Last update December 3, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access.

Key dates

02Disclosure timeline

December 2, 2024 CVE published
December 3, 2024 Record updated