CVE-2024-33037

medium

Description

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html

Details

Source: Mitre, NVD

Published: 2024-12-02

Updated: 2024-12-02

Risk Information

CVSS v2

Base Score: 5.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L