About Qualcomm – CVE-2024-33044 (3 Dec 2024)

Preface: The Qualcomm Hypervisor provides a modern virtualization framework that allows multiple operating systems to run independently and concurrently, delivering high performance. The Qualcomm Type 1 Hypervisor facilitates the hosting of multiple trusted execution environments for secure use cases.

Background: On some Qualcomm platforms, the hypervisor emulates more than 128 SMR (Stream Matching Register) groups. This doesn’t conform to the ARM SMMU architecture specification, which defines the range as 0-127. Moreover, the emulated groups don’t exhibit the same behavior as the architecture-supported ones.

For instance, emulated groups will not detect the quirky behavior of some firmware versions that intercept writes to the S2CR register, so the quirk implemented in the driver is skipped and the boot crashes.
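A small software model of the defensive handling this background points to, added here as an example (it is not Qualcomm's hypervisor code or any driver's actual code): the group count reported by the platform is clamped to the architected 128, and every SMR/S2CR write is index-checked against the clamped count. The struct, the function names and the reported count of 160 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARCH_MAX_SMR_GROUPS 128u        /* architected index range is 0-127 */
#define SMR_VALID           (1u << 31)  /* SMR.VALID bit in the SMMUv2 layout */
#define S2CR_TYPE_BYPASS    (1u << 16)  /* S2CR.TYPE = 0b01 (bypass) */

/* Hypothetical model of a stream-mapping table, not a real driver struct. */
struct smmu_model {
    unsigned int num_groups;            /* groups software will actually use */
    uint32_t smr[ARCH_MAX_SMR_GROUPS];
    uint32_t s2cr[ARCH_MAX_SMR_GROUPS];
};

/* Clamp the count reported by (possibly emulated) hardware to the
 * architected maximum and clear the table. Returns the count in use. */
unsigned int smmu_model_probe(struct smmu_model *m, unsigned int reported)
{
    memset(m, 0, sizeof(*m));
    m->num_groups = reported > ARCH_MAX_SMR_GROUPS ? ARCH_MAX_SMR_GROUPS
                                                   : reported;
    return m->num_groups;
}

/* Program one SMR/S2CR pair. Returns 0 on success, or -1 if idx is outside
 * the usable range, so an out-of-range group never reaches the arrays. */
int smmu_model_write_group(struct smmu_model *m, unsigned int idx,
                           uint32_t smr, uint32_t s2cr)
{
    if (idx >= m->num_groups)
        return -1;
    m->smr[idx] = smr;
    m->s2cr[idx] = s2cr;
    return 0;
}

int main(void)
{
    static struct smmu_model m;
    /* Constructed input: platform claims 160 groups, beyond the spec. */
    unsigned int used = smmu_model_probe(&m, 160);
    printf("reported=160 used=%u\n", used);
    printf("write idx 127 -> %d\n",
           smmu_model_write_group(&m, 127, SMR_VALID | 0x42u, S2CR_TYPE_BYPASS));
    printf("write idx 128 -> %d\n",
           smmu_model_write_group(&m, 128, SMR_VALID | 0x43u, S2CR_TYPE_BYPASS));
    return 0;
}
```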

Vulnerability details: Memory corruption while Configuring the SMR/S2CR register in Bypass mode.

Official announcement: Please see the link below for details –

https://www.tenable.com/cve/CVE-2024-33044
