CVE-2024-43047 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Exploit added

October 8, 2024

Action due

October 29, 2024

Action required

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Description

Memory corruption while maintaining memory maps of HLOS memory.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Weakness Enumeration

CWE-ID	CWE Name
CWE-416	Use After Free

Known Affected Software Configurations

cpe:2.3:o:qualcomm:snapdragon_660_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_685_4g_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_865+_5g_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_870_5g_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_888+_5g_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_888_5g_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6688aq_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:::::::*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:::::::*
cpe:2.3:o:qualcomm:video_collaboration_vc1_firmware:-:::::::*
cpe:2.3:o:qualcomm:video_collaboration_vc3_firmware:-:::::::*
cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:::::::*
cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:::::::*
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:::::::*
cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:::::::*
cpe:2.3:o:qualcomm:sg4150p_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6698aq_firmware:-:::::::*
cpe:2.3:o:qualcomm:qam8295p_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa8295p_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa4150p_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa4155p_firmware:-:::::::*
cpe:2.3:o:qualcomm:sw5100_firmware:-:::::::*
cpe:2.3:o:qualcomm:sw5100p_firmware:-:::::::*
cpe:2.3:o:qualcomm:qcs6490_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa8145p_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6595_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6426_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6436_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6595au_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6696_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6391_firmware:-:::::::*
cpe:2.3:o:qualcomm:sd865_5g_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcd9335_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcd9341_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcd9370_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcd9375_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcn3950_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcn3980_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcn3988_firmware:-:::::::*
cpe:2.3:o:qualcomm:wcn3990_firmware:-:::::::*
cpe:2.3:o:qualcomm:wsa8810_firmware:-:::::::*
cpe:2.3:o:qualcomm:wsa8815_firmware:-:::::::*
cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::*
cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::*
cpe:2.3:o:qualcomm:sd660_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa8195p_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa8150p_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa6150p_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa6145p_firmware:-:::::::*
cpe:2.3:o:qualcomm:qcs410_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa8155p_firmware:-:::::::*
cpe:2.3:o:qualcomm:qcs610_firmware:-:::::::*
cpe:2.3:o:qualcomm:sa6155p_firmware:-:::::::*
cpe:2.3:o:qualcomm:sxr2130_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6584au_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6174a_firmware:-:::::::*
cpe:2.3:o:qualcomm:qca6574au_firmware:-:::::::*

Details

Source:
NVD

Published:
October 7, 2024

Updated:
October 9, 2024

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined