CVE-2024-33037

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 2, 2024
Updated: Dec 11, 2024
CWE ID 126

Summary

CVE-2024-33037 is a newly identified information disclosure vulnerability. Affected systems include those with an NPU (Neural Processing Unit) firmware that can send invalid IPC (Inter-Process Communication) messages to the NPU driver. The NPU driver fails to validate these messages, resulting in the disclosure of sensitive information to an attacker. Successful exploitation of this vulnerability could lead to unauthorized access to system data or potentially enable more serious attacks. It is recommended that affected organizations apply the necessary patches or updates to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share