CVE-2024-33067

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 6, 2025
Updated: Jan 10, 2025
CWE ID 125
CWE ID 126

Summary

CVE-2024-33067 is a newly identified information disclosure vulnerability. This issue arises when invoking a callback function of a sound model driver in the ADSP (Advanced Digital Signal Processor) environment. For every valid opcode received from the sound model driver, this vulnerability causes sensitive information to be disclosed unintentionally. Attackers could potentially exploit this vulnerability to gain unauthorized access to confidential data, leading to potential security risks. It is recommended that affected systems be updated with the latest patches to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share