CVE-2024-33051 Overview
CVE-2024-33051 is a transient denial-of-service vulnerability affecting a broad range of Qualcomm chipsets and firmware, including Snapdragon mobile, automotive, compute, and FastConnect wireless platforms. The flaw resides in the WLAN firmware processing of the Traffic Indication Map (TIM) information element (IE) carried in Wi-Fi beacon frames. Because the parser fails to validate the IE length field, a crafted beacon can drive the firmware to read beyond the intended buffer, causing a transient crash. The issue maps to CWE-125 (Out-of-Bounds Read) and CWE-126 (Buffer Over-read). Qualcomm addressed the defect in its September 2024 security bulletin.
Critical Impact
A remote, unauthenticated attacker within radio range can transmit malformed 802.11 beacon frames to trigger a transient denial-of-service condition in the WLAN firmware of affected Qualcomm devices.
Affected Products
- Qualcomm Snapdragon mobile platforms (Snapdragon 4/6/7/8 series, including Snapdragon 8 Gen 1/2/3)
- Qualcomm FastConnect 6200, 6700, 6800, 6900, and 7800 connectivity subsystems
- Qualcomm automotive, IoT, compute, and wearable platforms (SA8xxx, QCS/QCM series, Snapdragon Auto, Snapdragon W5+ Gen 1)
Discovery Timeline
- 2024-09-02 - CVE-2024-33051 published to NVD as part of the Qualcomm September 2024 security bulletin
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2024-33051
Vulnerability Analysis
The vulnerability exists in the WLAN firmware routine that parses the Traffic Indication Map information element from received 802.11 beacon frames. The TIM IE informs stations about buffered broadcast, multicast, and unicast traffic at the access point. When the parser processes an incoming beacon, it consumes the TIM IE contents without first validating the declared length byte against the actual buffer boundary. An attacker who transmits a beacon frame containing a TIM IE with a length value larger than the remaining IE payload causes the firmware to read past the end of the parsing buffer. The resulting out-of-bounds read corrupts control flow within the firmware, producing a transient denial-of-service that manifests as a WLAN subsystem crash or reset. Wi-Fi connectivity is disrupted until the subsystem recovers.
Root Cause
The root cause is missing bounds checking on the TIM IE length field before reading structured data from the frame body. The parser trusts an attacker-controlled length value taken directly from the beacon. This maps to CWE-126 (Buffer Over-read) and CWE-125 (Out-of-Bounds Read).
Attack Vector
Exploitation requires only radio proximity to the target device. The attacker transmits a crafted 802.11 beacon frame containing a malformed TIM IE. No association, authentication, or user interaction is needed because stations passively parse beacon frames during scanning and while connected. Broadcasting the malformed beacon from a rogue AP or software-defined radio can affect any Wi-Fi station within range.
No verified public proof-of-concept has been released. See the Qualcomm Security Bulletin September 2024 for authoritative technical detail.
Detection Methods for CVE-2024-33051
Indicators of Compromise
- Unexpected WLAN subsystem crashes, firmware restarts, or wlan driver watchdog resets recorded in device kernel or dmesg logs.
- Repeated Wi-Fi disconnections coinciding with the presence of an unfamiliar SSID or BSSID broadcasting beacons in the environment.
- Beacon frames captured over-the-air whose TIM IE (element ID 0x05) declares a length exceeding the remaining IE payload.
Detection Strategies
- Monitor endpoint and mobile device logs for repeated WLAN firmware crash signatures and correlate with physical location or wireless environment.
- Deploy wireless intrusion detection (WIDS) sensors to flag malformed 802.11 management frames, specifically beacons with inconsistent TIM IE length fields.
- Ingest device telemetry into a centralized data lake to hunt for patterns of simultaneous Wi-Fi disconnects across nearby endpoints.
Monitoring Recommendations
- Baseline normal WLAN driver crash rates per device model and alert on statistically significant increases.
- Track rogue AP detections and unauthorized beacon sources in enterprise Wi-Fi environments.
- Review vendor and carrier update compliance to confirm affected firmware is patched across the fleet.
How to Mitigate CVE-2024-33051
Immediate Actions Required
- Apply the WLAN firmware updates delivered by device OEMs and carriers referencing Qualcomm's September 2024 security bulletin.
- Inventory endpoints, mobile devices, IoT, and automotive components using affected Snapdragon, FastConnect, and QCA chipsets.
- Prioritize patch deployment for high-risk mobile fleets, connected vehicles, and always-on IoT devices operating in exposed radio environments.
Patch Information
Qualcomm published fixes in the Qualcomm Security Bulletin September 2024. Because Qualcomm delivers patches through downstream vendors, remediation depends on OEM and carrier firmware releases. Confirm each affected device model has received an update that references CVE-2024-33051.
Workarounds
- Where operationally acceptable, disable Wi-Fi on unpatched devices in untrusted RF environments to remove the attack surface.
- Restrict devices to enterprise-managed SSIDs and enable rogue AP containment through the wireless controller.
- Increase physical and RF perimeter controls in sensitive areas until vendor firmware updates are applied.
# Example: audit connected Android endpoints for WLAN firmware version via adb
adb shell getprop | grep -i "wlan\|wifi\|build.version.security_patch"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

