CVE-2024-33050 – Buffer Over-read in WLAN Host Communication (10th Sep 2024)

Preface: In computer programming, "transient" describes any element of a system that is temporary; the term is also applied to transient applications.

Background: In-band discovery is used for communication between 6 GHz devices. There are three in-band discovery methods. Fast Initial Link Setup (FILS) and Unsolicited Probe Response (UPR) frames are passive in-band discovery methods; an access point chooses either FILS or UPR and cannot use both at the same time. The 6 GHz discovery frame is only required when 6 GHz is the only operable radio frequency band. Preferred Scan Channel (PSC) is an active in-band discovery method: wireless clients probe only PSC channels, and non-PSC channels are scanned only when they are learned from the Reduced Neighbor Report (RNR).

Vulnerability details: Transient denial of service (DoS) while parsing the MBSSID element during new IE generation for a beacon/probe frame, when the IE length check is either missing or improper.

Ref: The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
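As an added illustration (not code from the Qualcomm bulletin or its WLAN host driver), the following C parser shows the bounds check whose absence the bulletin describes: every 802.11 element length, and every Multiple BSSID subelement length, is compared against the bytes actually remaining before the body is read, so an inflated length is rejected instead of causing an over-read. Element ID 71 and subelement ID 0 are the IEEE 802.11 values; the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define WLAN_EID_MULTIPLE_BSSID 71  /* IEEE 802.11 element ID: Multiple BSSID */
#define MBSSID_SUB_NONTX_PROFILE 0  /* subelement ID: Nontransmitted BSSID Profile */
/* Constructed sample: SSID "ab", then a Multiple BSSID element (MaxBSSID Indicator 2, one 3-octet profile). */
const uint8_t good_ies[] = { 0, 2, 'a', 'b', 71, 6, 2, 0, 3, 0xAA, 0xBB, 0xCC };
/* Same frame with the subelement length inflated to 9: an unchecked parser would read past the buffer. */
const uint8_t bad_ies[]  = { 0, 2, 'a', 'b', 71, 6, 2, 0, 9, 0xAA, 0xBB, 0xCC };

/* Count nontransmitted-profile subelements in one Multiple BSSID body; -1 if a length runs past it. */
static int count_mbssid_profiles(const uint8_t *body, size_t body_len)
{
    int profiles = 0;
    size_t off = 1;                       /* skip the MaxBSSID Indicator octet */
    while (off < body_len) {
        if (body_len - off < 2)
            return -1;                    /* subelement header truncated */
        uint8_t sub_id = body[off], sub_len = body[off + 1];
        if (sub_len > body_len - off - 2)
            return -1;                    /* declared length exceeds what is left */
        if (sub_id == MBSSID_SUB_NONTX_PROFILE)
            profiles++;
        off += 2 + (size_t)sub_len;
    }
    return profiles;
}

/* Walk the tagged-parameter area of a beacon/probe response; each element length is
 * checked against the bytes remaining before its body is touched. Returns -1 if malformed. */
int parse_beacon_ies(const uint8_t *ies, size_t ies_len)
{
    int total = 0;
    size_t off = 0;
    while (off < ies_len) {
        if (ies_len - off < 2)
            return -1;                    /* element header truncated */
        uint8_t eid = ies[off], elen = ies[off + 1];
        if (elen > ies_len - off - 2)
            return -1;                    /* body would extend past the buffer */
        if (eid == WLAN_EID_MULTIPLE_BSSID) {
            int n = count_mbssid_profiles(ies + off + 2, elen);
            if (n < 0)
                return -1;
            total += n;
        }
        off += 2 + (size_t)elen;
    }
    return total;
}
```

The well-formed sample yields one nontransmitted profile; the inflated one is rejected before any byte beyond the buffer is read.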

Official announcement: Please refer to the vendor announcement for details – https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html
