Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Added Oct. 8, 2024 • Due Oct. 29, 2024 • CVE-2024-43047

Overdue Qualcomm / Multiple Chipsets CWE-416

Description

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.

Required Action

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

References

https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/0e27b6c7d2bd8d0453e4465ac2ca49a8f8c440e2
https://nvd.nist.gov/vuln/detail/CVE-2024-43047

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 6 months ago