CVE-2024-33071 Overview
CVE-2024-33071 is a transient denial-of-service (DoS) vulnerability affecting multiple Qualcomm firmware components. The flaw resides in the Wi-Fi beacon frame parser, specifically the routine that processes the Multiple BSSID (MBSSID) Information Element (IE). When a beacon contains an MBSSID IE with a length field of 0, the parser performs an out-of-bounds read that destabilizes the wireless subsystem.
The vulnerability is reachable over the air by any device broadcasting crafted 802.11 beacon frames within radio range. No authentication or user interaction is required to trigger the condition.
Critical Impact
A remote attacker within Wi-Fi range can transmit malformed beacon frames to induce a transient denial of service on affected Qualcomm chipsets, disrupting wireless connectivity on impacted devices.
Affected Products
- Qualcomm MDM9628 firmware
- Qualcomm QCA6564A and QCA6564AU firmware
- Qualcomm QCA6574A and QCA6574AU firmware
Discovery Timeline
- 2024-10-07 - CVE-2024-33071 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2024-33071
Vulnerability Analysis
The vulnerability is classified under [CWE-125] (Out-of-Bounds Read) and [CWE-126] (Buffer Over-read). It affects the beacon frame parsing logic in Qualcomm Wi-Fi and modem firmware. The MBSSID IE is a variable-length structure defined by IEEE 802.11 that advertises multiple virtual BSSIDs from a single physical access point.
The parser assumes the IE length field describes a well-formed structure containing sub-elements. When the length field is 0, the parser fails to validate the boundary before dereferencing sub-element data, reading beyond the end of the IE buffer. The result is a transient DoS in which the Wi-Fi subsystem crashes or resets, disrupting connectivity until recovery.
Root Cause
The root cause is missing input validation on the MBSSID IE length field before the parser advances into nested sub-element processing. A length of 0 should short-circuit parsing, but the affected code path continues to read structured fields, producing an out-of-bounds read against the beacon buffer.
Attack Vector
Exploitation requires the attacker to be within Wi-Fi radio range of the target device. The attacker transmits a crafted 802.11 beacon frame containing an MBSSID IE with length 0. Because beacon frames are unauthenticated management frames processed by any station in scanning or associated state, the target processes the malformed IE and enters the vulnerable code path. No user interaction, association, or credentials are needed.
The vulnerability affects availability only. There is no evidence of information disclosure or code execution associated with this issue per the vendor advisory.
Detection Methods for CVE-2024-33071
Indicators of Compromise
- Repeated unexpected Wi-Fi disconnects, driver resets, or radio firmware crash logs on affected Qualcomm chipsets.
- Kernel or HAL log entries referencing MBSSID or beacon IE parsing failures around the time of connectivity loss.
- Presence of 802.11 beacon frames in over-the-air captures containing an MBSSID IE (element ID 71) with a length octet of 0.
Detection Strategies
- Deploy wireless intrusion detection sensors that inspect management frames and flag beacons with zero-length or otherwise malformed MBSSID IEs.
- Correlate device-side Wi-Fi subsystem crash telemetry with nearby RF captures to identify malicious beacon activity.
- Monitor endpoint logs for repeated Wi-Fi driver restarts on devices using the affected Qualcomm chipsets.
Monitoring Recommendations
- Enable verbose Wi-Fi and modem subsystem logging on managed devices in high-risk environments such as conferences and public venues.
- Track the frequency of beacon parsing errors and radio resets to establish a baseline and alert on spikes.
- Ingest wireless IDS alerts into the SIEM to correlate RF anomalies with endpoint availability events.
How to Mitigate CVE-2024-33071
Immediate Actions Required
- Inventory devices, modules, and vehicles that integrate the affected Qualcomm chipsets (MDM9628, QCA6564A/AU, QCA6574A/AU).
- Apply the Qualcomm security update from the October 2024 bulletin as delivered through the OEM firmware update channel.
- Prioritize patching for devices operating in open or untrusted RF environments where hostile beacons are most plausible.
Patch Information
Qualcomm addressed CVE-2024-33071 in its October 2024 Security Bulletin. Refer to the Qualcomm Security Bulletin October 2024 for chipset-specific patch identifiers. Because the affected components are firmware in system-on-chip modules, the fix is delivered by device OEMs and integrators through their standard firmware or OTA update mechanisms.
Workarounds
- Where patching is not immediately possible, restrict use of affected devices to trusted wireless environments and disable Wi-Fi scanning when not required.
- Deploy wireless intrusion prevention to detect and locate sources of malformed beacon frames.
- Implement automated Wi-Fi subsystem recovery scripts to reduce downtime when transient crashes occur.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

