CVE-2024-43047: Memory Corruption in HLOS Memory Map Handling
CVE-2024-43047 Published on October 7, 2024

Use After Free in DSP Service
Memory corruption while maintaining memory maps of HLOS memory.

NVD

Known Exploited Vulnerability

This Qualcomm Multiple Chipsets Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory. .

The following remediation steps are recommended / required by October 29, 2024: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Vulnerability Analysis

CVE-2024-43047 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2024-43047 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2024-43047

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-43047 are published in these products:

Google Android
 
Qualcomm Fastconnect 6700 Firmware
 
Qualcomm Fastconnect 6800 Firmware
 
Qualcomm Fastconnect 6900 Firmware
 
Qualcomm Fastconnect 7800 Firmware
 
Qualcomm Qam8295p Firmware
 
Qualcomm Qca6174a Firmware
 
Qualcomm Qca6391 Firmware
 
Qualcomm Qca6426 Firmware
 
Qualcomm Qca6436 Firmware
 
Qualcomm Qca6574au Firmware
 
Qualcomm Qca6584au Firmware
 
Qualcomm Qca6595 Firmware
 
Qualcomm Qca6595au Firmware
 
Qualcomm Qca6688aq Firmware
 
Qualcomm Qca6696 Firmware
 
Qualcomm Qca6698aq Firmware
 
Qualcomm Qcs410 Firmware
 
Qualcomm Qcs610 Firmware
 
Qualcomm Qcs6490 Firmware
 
Qualcomm Video Collaboration Vc1 Platform Firmware
 
Qualcomm Video Collaboration Vc3 Platform Firmware
 
Qualcomm Sa4150p Firmware
 
Qualcomm Sa4155p Firmware
 
Qualcomm Sa6145p Firmware
 
Qualcomm Sa6150p Firmware
 
Qualcomm Sa6155p Firmware
 
Qualcomm Sa8145p Firmware
 
Qualcomm Sa8150p Firmware
 
Qualcomm Sa8155p Firmware
 
Qualcomm Sa8195p Firmware
 
Qualcomm Sa8295p Firmware
 
Qualcomm Sd660 Firmware
 
Qualcomm Sd865 5g Firmware
 
Qualcomm Sg4150p Firmware
 
Qualcomm Snapdragon 660 Mobile Platform Firmware
 
Qualcomm Snapdragon 680 4g Mobile Platform Firmware
 
Qualcomm Snapdragon 8 Gen 1 Mobile Platform Firmware
 
Qualcomm Snapdragon 865 5g Mobile Platform Firmware
 
Qualcomm Snapdragon 888 5g Mobile Platform Firmware
 
Qualcomm Snapdragon Auto 5g Modem Rf Firmware
 
Qualcomm Snapdragon Auto 5g Modem Rf Gen 2 Firmware
 
Qualcomm Snapdragon X55 5g Modem Rf System Firmware
 
Qualcomm Snapdragon Xr2 5g Platform Firmware
 
Qualcomm Sw5100 Firmware
 
Qualcomm Sw5100p Firmware
 
Qualcomm Sxr2130 Firmware
 
Qualcomm Wcd9335 Firmware
 
Qualcomm Wcd9341 Firmware
 
Qualcomm Wcd9370 Firmware
 
Qualcomm Wcd9375 Firmware
 
Qualcomm Wcd9380 Firmware
 
Qualcomm Wcd9385 Firmware
 
Qualcomm Wcn3950 Firmware
 
Qualcomm Wcn3980 Firmware
 
Qualcomm Wcn3988 Firmware
 
Qualcomm Wcn3990 Firmware
 
Qualcomm Wsa8810 Firmware
 
Qualcomm Wsa8815 Firmware
 
Qualcomm Wsa8830 Firmware
 
Qualcomm Wsa8835 Firmware
 
Qualcomm Snapdragon 865 5g Firmware
 
Qualcomm Snapdragon 870 5g Mobile Platform Firmware
 
Qualcomm Sm6225 Ad Firmware
 

Affected Versions

Qualcomm, Inc. Snapdragon: qualcomm fastconnect_6700_firmware: qualcomm fastconnect_6800_firmware: qualcomm fastconnect_6900_firmware: qualcomm fastconnect_7800_firmware: qualcomm qam8295p_firmware: qualcomm qca6174a_firmware: qualcomm qca6391_firmware: qualcomm qca6426_firmware: qualcomm qca6436_firmware: qualcomm qca6574au_firmware: qualcomm qca6584au_firmware: qualcomm qca6595_firmware: qualcomm qca6595au_firmware: qualcomm qca6688aq_firmware: qualcomm qca6696_firmware: qualcomm qca6698aq_firmware: qualcomm qcs410_firmware: qualcomm qcs610_firmware: qualcomm qcs6490_firmware: qualcomm_video_collaboration_vc1_platform_firmware: qualcomm_video_collaboration_vc3_platform_firmware: qualcomm sa4150p_firmware: qualcomm sa4155p_firmware: qualcomm sa6145p_firmware: qualcomm sa6150p_firmware: qualcomm sa6155p_firmware: qualcomm sa8145p_firmware: qualcomm sa8150p_firmware: qualcomm sa8155p_firmware: qualcomm sa8195p_firmware: qualcomm sa8295p_firmware: qualcomm sd660_firmware: qualcomm sd865_5g_firmware: qualcomm sg4150p_firmware: qualcomm snapdragon_660_mobile_platform_firmware: qualcomm snapdragon_680_4g_mobile_platform_firmware: qualcomm snapdragon_8_gen_1_mobile_platform_firmware: qualcomm snapdragon_865_5g_mobile_platform_firmware: qualcomm snapdragon_888_5g_mobile_platform_firmware: qualcomm snapdragon_auto_5g_modem-rf_firmware: qualcomm snapdragon_auto_5g_modem-rf_gen_2_firmware: qualcomm snapdragon_x55_5g_modem-rf_system_firmware: qualcomm snapdragon_xr2_5g_platform_firmware: qualcomm sw5100_firmware: qualcomm sw5100p_firmware: qualcomm sxr2130_firmware: qualcomm wcd9335_firmware: qualcomm wcd9341_firmware: qualcomm wcd9370_firmware: qualcomm wcd9375_firmware: qualcomm wcd9380_firmware: qualcomm wcd9385_firmware: qualcomm wcn3950_firmware: qualcomm wcn3980_firmware: qualcomm wcn3988_firmware: qualcomm wcn3990_firmware: qualcomm wsa8810_firmware: qualcomm wsa8815_firmware: qualcomm wsa8830_firmware: qualcomm wsa8835_firmware: qualcomm snapdragon_865\+_5g_firmware: qualcomm snapdragon_870_5g_mobile_platform_firmware: qualcomm snapdragon_888\+_5g_mobile_platform_firmware: qualcomm sm6225-ad_firmware:

Exploit Probability

EPSS
1.75%
Percentile
82.25%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.