CVE-2024-43047 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Vulnerability Name

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Description

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Additional Notes

https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/0e27b6c7d2bd8d0453e4465ac2ca49a8f8c440e2

https://nvd.nist.gov/vuln/detail/CVE-2024-43047

Related News Articles

Google fixes Android zero-days exploited in attacks, 60 other flawsApril 8, 2025

Google fixes Android zero-day exploited by Serbian authorities March 4, 2025

Google fixes Android kernel zero-day exploited in attacksFebruary 4, 2025

New Android NoviSpy spyware linked to Qualcomm zero-day bugsDecember 16, 2024

Google fixes two Android zero-days used in targeted attacksNovember 5, 2024