Known Exploited Vulnerability
7.8
HIGH
CVE-2024-43047
Qualcomm Multiple Chipsets Use-After-Free Vulnerab - [Actively Exploited]
Description

Memory corruption while maintaining memory maps of HLOS memory.

INFO

Published Date :

Oct. 7, 2024, 1:15 p.m.

Last Modified :

Oct. 9, 2024, 2:39 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.

Required Action :

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Notes :

https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/0e27b6c7d2bd8d0453e4465ac2ca49a8f8c440e2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43047

Public PoC/Exploit Available at Github

CVE-2024-43047 has a 4 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-43047 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm qam8295p_firmware
2 Qualcomm qca6391_firmware
3 Qualcomm qca6426_firmware
4 Qualcomm qca6436_firmware
5 Qualcomm qca6574au_firmware
6 Qualcomm qca6595au_firmware
7 Qualcomm qca6696_firmware
8 Qualcomm sa6145p_firmware
9 Qualcomm sa6150p_firmware
10 Qualcomm sa6155p_firmware
11 Qualcomm sa8145p_firmware
12 Qualcomm sa8150p_firmware
13 Qualcomm sa8155p_firmware
14 Qualcomm sa8195p_firmware
15 Qualcomm sa8295p_firmware
16 Qualcomm sd865_5g_firmware
17 Qualcomm sw5100_firmware
18 Qualcomm sw5100p_firmware
19 Qualcomm wcd9341_firmware
20 Qualcomm wcd9380_firmware
21 Qualcomm wcd9385_firmware
22 Qualcomm wcn3980_firmware
23 Qualcomm wcn3988_firmware
24 Qualcomm wsa8810_firmware
25 Qualcomm wsa8815_firmware
26 Qualcomm wsa8830_firmware
27 Qualcomm wsa8835_firmware
28 Qualcomm qca6584au_firmware
29 Qualcomm qca6595_firmware
30 Qualcomm qca6698aq_firmware
31 Qualcomm qcs6490_firmware
32 Qualcomm sa4150p_firmware
33 Qualcomm sd660_firmware
34 Qualcomm sg4150p_firmware
35 Qualcomm snapdragon_auto_5g_modem-rf_firmware
36 Qualcomm sxr2130_firmware
37 Qualcomm wcd9335_firmware
38 Qualcomm wcd9370_firmware
39 Qualcomm wcd9375_firmware
40 Qualcomm wcn3950_firmware
41 Qualcomm wcn3990_firmware
42 Qualcomm qcs410_firmware
43 Qualcomm qcs610_firmware
44 Qualcomm qca6174a_firmware
45 Qualcomm sa4155p_firmware
46 Qualcomm fastconnect_6800_firmware
47 Qualcomm fastconnect_6900_firmware
48 Qualcomm fastconnect_7800_firmware
49 Qualcomm fastconnect_6700_firmware
50 Qualcomm snapdragon_xr2_5g_firmware
51 Qualcomm video_collaboration_vc1_firmware
52 Qualcomm video_collaboration_vc3_firmware
53 Qualcomm qca6174a
54 Qualcomm qca6391
55 Qualcomm qca6426
56 Qualcomm qca6436
57 Qualcomm qca6574au
58 Qualcomm qca6584au
59 Qualcomm qca6595
60 Qualcomm qca6595au
61 Qualcomm qca6696
62 Qualcomm qcs410
63 Qualcomm qcs610
64 Qualcomm sa6145p
65 Qualcomm sa6150p
66 Qualcomm sa6155p
67 Qualcomm sa8150p
68 Qualcomm sa8155p
69 Qualcomm sa8195p
70 Qualcomm sd660
71 Qualcomm sd865_5g
72 Qualcomm wcd9335
73 Qualcomm wcd9341
74 Qualcomm wcd9370
75 Qualcomm wcd9375
76 Qualcomm wcd9380
77 Qualcomm wcd9385
78 Qualcomm wcn3950
79 Qualcomm wcn3980
80 Qualcomm wcn3988
81 Qualcomm wcn3990
82 Qualcomm wsa8810
83 Qualcomm wsa8815
84 Qualcomm wsa8830
85 Qualcomm wsa8835
86 Qualcomm snapdragon_auto_5g_modem-rf_gen_2_firmware
87 Qualcomm sxr2130
88 Qualcomm qca6688aq_firmware
89 Qualcomm fastconnect_6700
90 Qualcomm sw5100
91 Qualcomm sw5100p
92 Qualcomm fastconnect_6800
93 Qualcomm fastconnect_6900
94 Qualcomm sa8145p
95 Qualcomm qam8295p
96 Qualcomm qcs6490
97 Qualcomm sa8295p
98 Qualcomm fastconnect_7800
99 Qualcomm qca6698aq
100 Qualcomm snapdragon_auto_5g_modem-rf_gen_2
101 Qualcomm sa4150p
102 Qualcomm sa4155p
103 Qualcomm sg4150p
104 Qualcomm snapdragon_auto_5g_modem-rf
105 Qualcomm qca6688aq
106 Qualcomm snapdragon_xr2_5g
107 Qualcomm video_collaboration_vc1
108 Qualcomm video_collaboration_vc3
109 Qualcomm snapdragon_660_mobile_firmware
110 Qualcomm snapdragon_660_mobile
111 Qualcomm snapdragon_680_4g_mobile_firmware
112 Qualcomm snapdragon_680_4g_mobile
113 Qualcomm snapdragon_685_4g_mobile_firmware
114 Qualcomm snapdragon_685_4g_mobile
115 Qualcomm snapdragon_8_gen_1_mobile_firmware
116 Qualcomm snapdragon_8_gen_1_mobile
117 Qualcomm snapdragon_865_5g_mobile_firmware
118 Qualcomm snapdragon_865_5g_mobile
119 Qualcomm snapdragon_865\+_5g_mobile_firmware
120 Qualcomm snapdragon_865\+_5g_mobile
121 Qualcomm snapdragon_870_5g_mobile_firmware
122 Qualcomm snapdragon_870_5g_mobile
123 Qualcomm snapdragon_888_5g_mobile_firmware
124 Qualcomm snapdragon_888_5g_mobile
125 Qualcomm snapdragon_888\+_5g_mobile_firmware
126 Qualcomm snapdragon_888\+_5g_mobile
127 Qualcomm snapdragon_x55_5g_modem-rf_firmware
128 Qualcomm snapdragon_x55_5g_modem-rf
: Total Affected Vendor : 1 | Products : 128
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-43047.

URL Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
expl0itsecurity/CVE-2024-43093-43047

None

Updated: 2 weeks, 6 days ago
5 stars 0 fork 0 watcher
Born at : Nov. 13, 2024, 4:45 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
HatvixSupport/CVE-2024-43093

None

Updated: 3 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 7:05 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
hatvix1/CVE-2024-43093

CVE-2024-43093

Updated: 1 week, 2 days ago
4 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 3:06 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
exploitsecure/CVE-2024-43093

None

Updated: 3 weeks, 4 days ago
1 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 2:40 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-43047 vulnerability anywhere in the article.

  • Kaspersky
Advanced threat predictions for 2025

We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and ... Read more

Published Date: Nov 25, 2024 (1 week, 1 day ago)
CVE-2024-43093 CVE-2024-43047 CVE-2024-5806 CVE-2024-23296 CVE-2024-23225 CVE-2024-21338 CVE-2024-23222 CVE-2024-0204
  • Cybersecurity News
Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by Critical Vulnerabilities

Ivanti has released urgent security updates to address a range of vulnerabilities, including critical remote code execution (RCE) flaws, in its Connect Secure, Policy Secure, and Secure Access Client ... Read more

Published Date: Nov 13, 2024 (2 weeks, 6 days ago)
CVE-2024-43093 CVE-2024-39712 CVE-2024-39711 CVE-2024-39710 CVE-2024-39709 CVE-2024-38656 CVE-2024-38655 CVE-2024-38654 CVE-2024-38649 CVE-2024-37400 ...+22 more CVE
  • Cybersecurity News
CVE-2024-10575 (CVSS 10): Critical Flaw in Schneider Electric’s EcoStruxure IT Gateway

Schneider Electric has published a security notification about a critical vulnerability in its EcoStruxure™ IT Gateway platform, which connects IT infrastructure devices to the cloud for monitoring an ... Read more

Published Date: Nov 13, 2024 (2 weeks, 6 days ago)
CVE-2024-43093 CVE-2024-10575 CVE-2024-50386 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-8884 CVE-2024-43047
  • Cybersecurity News
CVE-2024-50330 (CVSS 9.8): Unpatched Ivanti Endpoint Manager Vulnerable to RCE Attacks

Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE).The vuln ... Read more

Published Date: Nov 12, 2024 (3 weeks ago)
CVE-2024-43093 CVE-2024-37376 CVE-2024-34787 CVE-2024-34784 CVE-2024-34782 CVE-2024-34781 CVE-2024-34780 CVE-2024-32847 CVE-2024-32844 CVE-2024-32841 ...+15 more CVE
  • Cybersecurity News
CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE Exploits Publicly Available

Security researchers at watchTowr have uncovered two critical vulnerabilities in Citrix Session Recording Manager that, when chained together, allow unauthenticated remote code execution (RCE) on Citr ... Read more

Published Date: Nov 12, 2024 (3 weeks ago)
CVE-2024-43093 CVE-2024-8069 CVE-2024-8068 CVE-2024-40715 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-43047 CVE-2024-28987 CVE-2024-23113
  • Cybersecurity News
CVE-2024-44102 (CVSS 10) Found in Siemens TeleControl Server Basic: Urgent Update Required

A critical security vulnerability has been discovered in Siemens TeleControl Server Basic V3.1, a software solution used for remote monitoring and control of industrial plants. The vulnerability, iden ... Read more

Published Date: Nov 12, 2024 (3 weeks ago)
CVE-2024-43093 CVE-2024-44102 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-43047 CVE-2024-45032 CVE-2024-33698 CVE-2024-22039 CVE-2024-23113
  • Cybersecurity News
CVE-2024-11068 (CVSS 9.8): Critical D-Link DSL-6740C Flaw, Immediate Replacement Advised

TWCERT/CC has issued multiple security advisories for the D-Link DSL-6740C modem, revealing a range of severe vulnerabilities that could expose users to remote attacks.The modem, which is no longer su ... Read more

Published Date: Nov 12, 2024 (3 weeks ago)
CVE-2024-43093 CVE-2024-11068 CVE-2024-11067 CVE-2024-11066 CVE-2024-11065 CVE-2024-11064 CVE-2024-11063 CVE-2024-11062 CVE-2024-47575 CVE-2024-47824 ...+5 more CVE
  • Cybersecurity News
JavaScript Drive-By Attacks: New Exploits without 0-Day in Google Chrome

Ron Masas from Imperva Threat Research has uncovered a new way attackers can target Chrome users without relying on 0-day vulnerabilities. This approach leverages the File System Access API, which all ... Read more

Published Date: Nov 12, 2024 (3 weeks ago)
CVE-2024-43093 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-43047 CVE-2024-23113 CVE-2024-21412 CVE-2023-22524 CVE-2022-47003
  • Cybersecurity News
Fickle Stealer: The New Rust-Based Malware Masquerading as GitHub Desktop

Attack flow | Image: TrellixIn a recent report by Trellix researchers Mallikarjun Wali and Sangram Mohapatro, a new Rust-based malware called Fickle Stealer has surfaced, posing a significant threat t ... Read more

Published Date: Nov 11, 2024 (3 weeks, 1 day ago)
CVE-2024-43093 CVE-2024-10327 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-43047 CVE-2024-5671
  • Help Net Security
Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has releas ... Read more

Published Date: Nov 10, 2024 (3 weeks, 2 days ago)
CVE-2024-10443 CVE-2024-43093 CVE-2024-20418 CVE-2024-43047 CVE-2024-5910
  • Cybersecurity News
CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an updated advisory regarding four security vulnerabilities actively exploited in the wild. These vulnerabilities, now included i ... Read more

Published Date: Nov 08, 2024 (3 weeks, 4 days ago)
CVE-2024-43093 CVE-2024-51568 CVE-2024-51567 CVE-2024-7763 CVE-2024-48914 CVE-2024-49193 CVE-2024-43573 CVE-2024-43572 CVE-2024-43047 CVE-2024-5910 ...+1 more CVE
  • The Cyber Express
Google Addresses Two Android Zero-Days Used in Targeted Attacks

In its November security update, Google has patched two critical Android zero-days actively exploited in targeted attacks, along with 49 additional vulnerabilities. Google flagged these zero-day flaws ... Read more

Published Date: Nov 06, 2024 (3 weeks, 6 days ago)
CVE-2024-43093 CVE-2024-38408 CVE-2024-43047 CVE-2024-21893 CVE-2024-21887 CVE-2023-46805 CVE-2021-44228 CVE-2017-11882
  • Cybersecurity News
AWS IAM Roles Anywhere: A Potential Backdoor for Attackers?

Example of script that automates IAM Roles Anywhere configuration | Image: AdanIn a recent publication, cybersecurity engineer Adan explores a potentially underappreciated security risk in Amazon Web ... Read more

Published Date: Nov 06, 2024 (3 weeks, 6 days ago)
CVE-2024-50357 CVE-2024-43093 CVE-2024-9632 CVE-2023-25581 CVE-2024-43047 CVE-2024-22040 CVE-2024-22039
  • Dark Reading
Android Botnet 'ToxicPanda' Bashes Banks Across Europe, Latin America

Source: Oneinchpunch via Alamy Stock Photo Researchers have designated a new botnet on the scene — initially suspected to be a part of the Toxic banking Trojan family — as a whole new spinoff strain w ... Read more

Published Date: Nov 05, 2024 (3 weeks, 6 days ago)
CVE-2024-43093 CVE-2024-43047
  • BleepingComputer
Google fixes two Android zero-days used in targeted attacks

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two iss ... Read more

Published Date: Nov 05, 2024 (4 weeks ago)
CVE-2024-43093 CVE-2024-38408 CVE-2024-43047
  • Help Net Security
Google patches actively exploited Android vulnerability (CVE-2024-43093)

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, ... Read more

Published Date: Nov 05, 2024 (4 weeks ago)
CVE-2024-10443 CVE-2024-43093 CVE-2024-43047
  • The Hacker News
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Mobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-430 ... Read more

Published Date: Nov 05, 2024 (4 weeks ago)
CVE-2024-43093 CVE-2024-43047 CVE-2024-32896
  • Cybersecurity News
CVE-2024-43047 & CVE-2024-43093: Android Zero-Days Demand Immediate Patching

In its November 2024 security update, Google has addressed 40 security vulnerabilities in the Android operating system, two of which are flagged as actively exploited: CVE-2024-43047 and CVE-2024-4309 ... Read more

Published Date: Nov 05, 2024 (4 weeks ago)
CVE-2024-43093 CVE-2024-51568 CVE-2024-51567 CVE-2024-51378 CVE-2024-20329 CVE-2024-9985 CVE-2024-9984 CVE-2024-9983 CVE-2024-9465 CVE-2024-43047 ...+3 more CVE
  • Cybersecurity News
Critical Vulnerability in Waitress WSGI Server: CVE-2024-49768 – What You Need to Know

The Pylons Project has released a crucial security advisory addressing a vulnerability in the Waitress WSGI server, tracked as CVE-2024-49768. This vulnerability, assigned a CVSS score of 9.1, represe ... Read more

Published Date: Nov 01, 2024 (1 month ago)
CVE-2024-49768 CVE-2024-20424 CVE-2024-45217 CVE-2024-45216 CVE-2024-43047 CVE-2024-33066 CVE-2024-9194
  • Cybersecurity News
Earth Simnavaz Exploits Windows Kernel Flaw CVE-2024-30088 in Attacks on Critical Infrastructure

Attack chain | Image: Trend MicroTrend Micro researchers have uncovered a series of advanced cyberattacks carried out by the threat group Earth Simnavaz, also known as APT34 or OilRig. This Iranian-li ... Read more

Published Date: Oct 15, 2024 (1 month, 2 weeks ago)
CVE-2024-43047 CVE-2024-33066 CVE-2024-9194 CVE-2024-30088
  • Cybersecurity News
Gmail Scam Alert: Hackers Spoof Google to Steal Credentials

Boasting over 2.5 billion users worldwide, Gmail reigns as the most prevalent email service globally. Consequently, it comes as no surprise that this platform has become a focal point for malicious ac ... Read more

Published Date: Oct 14, 2024 (1 month, 2 weeks ago)
CVE-2024-43047 CVE-2024-33066 CVE-2024-9194 CVE-2024-40711
  • Cybersecurity News
Google Enables Linux Terminal on Android, Running Debian in a Virtual Machine

Google recently added a feature called “ferrochrome-dev-option” to the Android Open Source Project (AOSP), incorporating a “Linux terminal” option into the developer settings, which allows developers ... Read more

Published Date: Oct 14, 2024 (1 month, 2 weeks ago)
CVE-2024-49193 CVE-2023-25581 CVE-2024-43047 CVE-2024-33066 CVE-2024-9194 CVE-2024-23113
  • Help Net Security
Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 202 ... Read more

Published Date: Oct 13, 2024 (1 month, 2 weeks ago)
CVE-2024-9680 CVE-2024-43573 CVE-2024-43572 CVE-2024-9381 CVE-2024-9380 CVE-2024-9379 CVE-2024-43047 CVE-2024-45409
  • TheCyberThrone
CISA KEV Update Part III – October 2024

The US CISA has added below vulnerabilities to its Known exploited vulnerabilities catalog based on the evidence of active exploitationCVE-2024-43047The vulnerability with a CVSS score of 7.8, Multipl ... Read more

Published Date: Oct 09, 2024 (1 month, 3 weeks ago)
CVE-2024-43573 CVE-2024-43572 CVE-2024-43047 CVE-2024-20470 CVE-2024-20393
  • The Register
Qualcomm urges device makers to push patches after 'targeted' exploitation

Qualcomm has issued 20 patches for its chipsets' firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild. That vulnerability, CVE-2024-43047, carries a ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-43047 CVE-2024-33066 CVE-2024-33065 CVE-2024-23369
  • The Cyber Express
Progress Telerik, Cisco, QNAP and Linux Under Attack: Cyble Honeypot Sensors

Cyble’s Vulnerability Intelligence unit has detected cyberattacks on several key IT products and systems, as threat actors have been quick to exploit vulnerabilities and enterprises slow to patch them ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-43047 CVE-2024-7576 CVE-2024-7575 CVE-2024-7029 CVE-2024-36401 CVE-2024-4577 CVE-2024-21893 CVE-2024-0769 CVE-2024-21887 CVE-2023-46805 ...+2 more CVE
  • Help Net Security
Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Plat ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-43583 CVE-2024-43582 CVE-2024-43573 CVE-2024-43572 CVE-2024-43488 CVE-2024-43468 CVE-2024-20659 CVE-2024-43047 CVE-2024-43461 CVE-2024-6197 ...+2 more CVE
  • Help Net Security
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company accidentally fixed in September. ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-37404 CVE-2024-9381 CVE-2024-9380 CVE-2024-9379 CVE-2024-9167 CVE-2024-7612 CVE-2024-43047 CVE-2024-8963 CVE-2024-8190 CVE-2023-35078
  • Help Net Security
Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-43047
  • security.nl
Qualcomm waarschuwt voor actief misbruikt lek in groot aantal chipsets

Chipfabrikant Qualcomm waarschuwt voor een actief misbruikte kwetsbaarheid die aanwezig is in een groot aantal chipsets. Het bedrijf heeft firmware-updates uitgebracht om het probleem te verhelpen. Sm ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-43047
  • The Cyber Express
Qualcomm Addresses DSP Vulnerability CVE-2024-43047, Urges Users to Patch Devices

Qualcomm has released the latest security advisory for multiple vulnerabilities. Among them, a Qualcomm vulnerability, designated as CVE-2024-43047, has brought to light concerns surrounding the safet ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-43047 CVE-2024-21893 CVE-2024-21887 CVE-2023-46805 CVE-2021-44228 CVE-2017-11882
  • The Hacker News
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Mobile Security / Privacy Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitat ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-43047 CVE-2024-33066
  • Cybersecurity News
LemonDuck Exploits EternalBlue Vulnerability for Cryptomining Attacks

A recent report from security researchers at Aufa and NetbyteSEC Interns sheds light on the resurgence of the LemonDuck malware, which is now exploiting the EternalBlue vulnerability (CVE-2017-0144) i ... Read more

Published Date: Oct 08, 2024 (1 month, 3 weeks ago)
CVE-2024-43047 CVE-2024-33066 CVE-2024-9194 CVE-2024-6678 CVE-2024-8640 CVE-2024-4577 CVE-2023-22527 CVE-2017-0144
  • BleepingComputer
Qualcomm patches high-severity zero-day exploited in attacks

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. The security flaw (CVE-2024-43047) was reported by Go ... Read more

Published Date: Oct 07, 2024 (1 month, 3 weeks ago)
CVE-2024-43047 CVE-2024-33066

The following table lists the changes that have been made to the CVE-2024-43047 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Oct. 09, 2024

    Action Type Old Value New Value
    Changed Reference Type https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html No Types Assigned https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html Patch, Vendor Advisory
    Added CWE NIST CWE-416
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6688aq_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6688aq:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs6490:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:video_collaboration_vc1_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:video_collaboration_vc1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:video_collaboration_vc3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:video_collaboration_vc3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa4150p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa4155p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sg4150p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sg4150p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_660_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_660_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_680_4g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_685_4g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_685_4g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_8_gen_1_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_865_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_865\+_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_865\+_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_870_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_870_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_888_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_888_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_888\+_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_888\+_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf_gen_2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_x55_5g_modem-rf:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_xr2_5g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9335:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Oct. 09, 2024

    Action Type Old Value New Value
    Added Due Date 2024-10-29
    Added Vulnerability Name Qualcomm Multiple Chipsets Use-After-Free Vulnerability
    Added Required Action Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
    Added Date Added 2024-10-08
  • CVE Received by [email protected]

    Oct. 07, 2024

    Action Type Old Value New Value
    Added Description Memory corruption while maintaining memory maps of HLOS memory.
    Added Reference Qualcomm, Inc. https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html [No types assigned]
    Added CWE Qualcomm, Inc. CWE-416
    Added CVSS V3.1 Qualcomm, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-43047 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-43047 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: