#VU98076 Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\') in Qualcomm products - CVE-2024-33066

Vulnerability identifier: #VU98076

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-33066

CWE-ID: CWE-96

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
CSR8811
Immersive Home 214 Platform
Immersive Home 216 Platform
Immersive Home 316 Platform
Immersive Home 318 Platform
Immersive Home 3210 Platform
Immersive Home 326 Platform
IPQ5010
IPQ5028
IPQ5300
IPQ5302
IPQ5312
IPQ5332
IPQ6000
IPQ6010
IPQ6018
IPQ6028
IPQ8070A
IPQ8071A
IPQ8072A
IPQ8074A
IPQ8076
IPQ8076A
IPQ8078
IPQ8078A
IPQ8173
IPQ8174
IPQ9008
IPQ9554
IPQ9574
QCA4024
QCA8075
QCA8081
QCA8082
QCA8084
QCA8085
QCA8386
QCA9888
QCA9889
QCF8000
QCF8001
QCN5022
QCN5024
QCN5052
QCN5122
QCN5124
QCN5152
QCN5154
QCN5164
QCN6023
QCN6024
QCN6112
QCN6122
QCN6402
QCN6412
QCN6422
QCN6432
QCN9000
QCN9022
QCN9024
QCN9070
QCN9072
QCN9074
QCN9100
QCN9160
QCN9274
QXM8083
SDX65M
Snapdragon X65 5G Modem-RF System
QCN6132
SDX55

Software vendor:
Qualcomm

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN Resource Manager. A remote attacker can execute arbitrary code.

Install security update from vendor's website.

• https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html