Known Exploited Vulnerability
7.8
HIGH
CVE-2024-43047
Qualcomm Multiple Chipsets Use-After-Free Vulnerab - [Actively Exploited]
Description

Memory corruption while maintaining memory maps of HLOS memory.

INFO

Published Date :

Oct. 7, 2024, 1:15 p.m.

Last Modified :

Oct. 9, 2024, 2:39 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.

Required Action :

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Notes :

https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/0e27b6c7d2bd8d0453e4465ac2ca49a8f8c440e2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43047

Public PoC/Exploit Available at Github

CVE-2024-43047 has a 5 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-43047 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm qam8295p_firmware
2 Qualcomm qca6391_firmware
3 Qualcomm qca6426_firmware
4 Qualcomm qca6436_firmware
5 Qualcomm qca6574au_firmware
6 Qualcomm qca6595au_firmware
7 Qualcomm qca6696_firmware
8 Qualcomm sa6145p_firmware
9 Qualcomm sa6150p_firmware
10 Qualcomm sa6155p_firmware
11 Qualcomm sa8145p_firmware
12 Qualcomm sa8150p_firmware
13 Qualcomm sa8155p_firmware
14 Qualcomm sa8195p_firmware
15 Qualcomm sa8295p_firmware
16 Qualcomm sd865_5g_firmware
17 Qualcomm sw5100_firmware
18 Qualcomm sw5100p_firmware
19 Qualcomm wcd9341_firmware
20 Qualcomm wcd9380_firmware
21 Qualcomm wcd9385_firmware
22 Qualcomm wcn3980_firmware
23 Qualcomm wcn3988_firmware
24 Qualcomm wsa8810_firmware
25 Qualcomm wsa8815_firmware
26 Qualcomm wsa8830_firmware
27 Qualcomm wsa8835_firmware
28 Qualcomm qca6584au_firmware
29 Qualcomm qca6595_firmware
30 Qualcomm qca6698aq_firmware
31 Qualcomm qcs6490_firmware
32 Qualcomm sa4150p_firmware
33 Qualcomm sd660_firmware
34 Qualcomm sg4150p_firmware
35 Qualcomm sm6225-ad_firmware
36 Qualcomm snapdragon_auto_5g_modem-rf_firmware
37 Qualcomm snapdragon_x55_5g_modem-rf_system_firmware
38 Qualcomm snapdragon_xr2_5g_platform_firmware
39 Qualcomm sxr2130_firmware
40 Qualcomm wcd9335_firmware
41 Qualcomm wcd9370_firmware
42 Qualcomm wcd9375_firmware
43 Qualcomm wcn3950_firmware
44 Qualcomm wcn3990_firmware
45 Qualcomm qcs410_firmware
46 Qualcomm qcs610_firmware
47 Qualcomm qca6174a_firmware
48 Qualcomm sa4155p_firmware
49 Qualcomm fastconnect_6800_firmware
50 Qualcomm fastconnect_6900_firmware
51 Qualcomm fastconnect_7800_firmware
52 Qualcomm fastconnect_6700_firmware
53 Qualcomm snapdragon_660_mobile_platform_firmware
54 Qualcomm snapdragon_680_4g_mobile_platform_firmware
55 Qualcomm snapdragon_8_gen_1_mobile_platform_firmware
56 Qualcomm snapdragon_865_5g_mobile_platform_firmware
57 Qualcomm snapdragon_870_5g_mobile_platform_firmware
58 Qualcomm snapdragon_888_5g_mobile_platform_firmware
59 Qualcomm snapdragon_888\+_5g_mobile_platform_firmware
60 Qualcomm snapdragon_865\+_5g_firmware
61 Qualcomm snapdragon_xr2_5g_firmware
62 Qualcomm video_collaboration_vc1_firmware
63 Qualcomm video_collaboration_vc3_firmware
64 Qualcomm qualcomm_video_collaboration_vc1_platform_firmware
65 Qualcomm qualcomm_video_collaboration_vc3_platform_firmware
66 Qualcomm qca6174a
67 Qualcomm qca6391
68 Qualcomm qca6426
69 Qualcomm qca6436
70 Qualcomm qca6574au
71 Qualcomm qca6584au
72 Qualcomm qca6595
73 Qualcomm qca6595au
74 Qualcomm qca6696
75 Qualcomm qcs410
76 Qualcomm qcs610
77 Qualcomm sa6145p
78 Qualcomm sa6150p
79 Qualcomm sa6155p
80 Qualcomm sa8150p
81 Qualcomm sa8155p
82 Qualcomm sa8195p
83 Qualcomm sd660
84 Qualcomm sd865_5g
85 Qualcomm wcd9335
86 Qualcomm wcd9341
87 Qualcomm wcd9370
88 Qualcomm wcd9375
89 Qualcomm wcd9380
90 Qualcomm wcd9385
91 Qualcomm wcn3950
92 Qualcomm wcn3980
93 Qualcomm wcn3988
94 Qualcomm wcn3990
95 Qualcomm wsa8810
96 Qualcomm wsa8815
97 Qualcomm wsa8830
98 Qualcomm wsa8835
99 Qualcomm snapdragon_auto_5g_modem-rf_gen_2_firmware
100 Qualcomm sxr2130
101 Qualcomm qca6688aq_firmware
102 Qualcomm fastconnect_6700
103 Qualcomm sw5100
104 Qualcomm sw5100p
105 Qualcomm fastconnect_6800
106 Qualcomm fastconnect_6900
107 Qualcomm sa8145p
108 Qualcomm qam8295p
109 Qualcomm qcs6490
110 Qualcomm sa8295p
111 Qualcomm fastconnect_7800
112 Qualcomm qca6698aq
113 Qualcomm snapdragon_auto_5g_modem-rf_gen_2
114 Qualcomm sa4150p
115 Qualcomm sa4155p
116 Qualcomm sg4150p
117 Qualcomm snapdragon_auto_5g_modem-rf
118 Qualcomm qca6688aq
119 Qualcomm snapdragon_xr2_5g
120 Qualcomm video_collaboration_vc1
121 Qualcomm video_collaboration_vc3
122 Qualcomm snapdragon_660_mobile_firmware
123 Qualcomm snapdragon_660_mobile
124 Qualcomm snapdragon_680_4g_mobile_firmware
125 Qualcomm snapdragon_680_4g_mobile
126 Qualcomm snapdragon_685_4g_mobile_firmware
127 Qualcomm snapdragon_685_4g_mobile
128 Qualcomm snapdragon_8_gen_1_mobile_firmware
129 Qualcomm snapdragon_8_gen_1_mobile
130 Qualcomm snapdragon_865_5g_mobile_firmware
131 Qualcomm snapdragon_865_5g_mobile
132 Qualcomm snapdragon_865\+_5g_mobile_firmware
133 Qualcomm snapdragon_865\+_5g_mobile
134 Qualcomm snapdragon_870_5g_mobile_firmware
135 Qualcomm snapdragon_870_5g_mobile
136 Qualcomm snapdragon_888_5g_mobile_firmware
137 Qualcomm snapdragon_888_5g_mobile
138 Qualcomm snapdragon_888\+_5g_mobile_firmware
139 Qualcomm snapdragon_888\+_5g_mobile
140 Qualcomm snapdragon_x55_5g_modem-rf_firmware
141 Qualcomm snapdragon_x55_5g_modem-rf
: Total Affected Vendor : 1 | Products : 141
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-43047.

URL Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
expl0itsecurity/CVE-2024-43093-43047

None

Updated: 8 months, 2 weeks ago
5 stars 0 fork 0 watcher
Born at : Nov. 13, 2024, 4:45 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
HatvixSupport/CVE-2024-43093

None

Updated: 8 months, 4 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 7:05 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
hatvix1/CVE-2024-43093

CVE-2024-43093

Updated: 8 months, 1 week ago
4 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 3:06 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
exploitsecure/CVE-2024-43093

None

Updated: 8 months, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 2:40 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
xairy/linux-kernel-exploitation

A collection of links related to Linux kernel security and exploitation

linux-kernel kernel-exploitation exploit privilege-escalation security

Updated: 1 week, 6 days ago
6024 stars 954 fork 954 watcher
Born at : Nov. 13, 2016, 10:21 p.m. This repo has been linked 296 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-43047 vulnerability anywhere in the article.

  • BleepingComputer
Google fixes Android zero-days exploited in attacks, 60 other flaws

Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks. One of the zero-days, a high-severity privilege escal ... Read more

Published Date: Apr 07, 2025 (3 months, 3 weeks ago)
CVE-2024-53197 CVE-2024-53150 CVE-2024-53104 CVE-2024-50302 CVE-2024-43047
  • BleepingComputer
Google fixes Android zero-day exploited by Serbian authorities

Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days exploited in targeted attacks. Serbian authorities have used one of the zero-days, a ... Read more

Published Date: Mar 04, 2025 (4 months, 4 weeks ago)
CVE-2024-53104 CVE-2024-50302 CVE-2024-43093 CVE-2024-43047
  • BleepingComputer
Google fixes Android kernel zero-day exploited in attacks

The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild. This high-severity zero-day (tracked as CVE-2024-531 ... Read more

Published Date: Feb 03, 2025 (5 months, 4 weeks ago)
CVE-2024-45569 CVE-2024-53104 CVE-2024-43093 CVE-2024-43047
  • TheCyberThrone
Zeroday Vulnerabilities Prevailed in 2024 Analysis-Part II

This is the continuation of Zeroday vulnerabilities in 2024. Let’s delve deeply into the continuation of  zero-day vulnerabilities of 2024, providing a comprehensive analysis.1. CVE-2023-46805: Authen ... Read more

Published Date: Dec 24, 2024 (7 months, 1 week ago)
CVE-2024-54677 CVE-2024-50379 CVE-2024-21287 CVE-2024-11120 CVE-2024-8535 CVE-2024-8534 CVE-2024-8069 CVE-2024-8068 CVE-2024-11121 CVE-2024-51568 ...+18 more CVE
  • The Hacker News
NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnes ... Read more

Published Date: Dec 16, 2024 (7 months, 2 weeks ago)
CVE-2024-43047
  • security.nl
Amnesty: Cellebrite gebruikt Androidlek om telefoons te ontgrendelen

maandag 16 december 2024, 12:03 door Redactie, 11 reactiesLaatst bijgewerkt: 16-12-2024, 14:38 Het forensisch bedrijf Cellebrite gebruikt een kwetsbaarheid in Android om de beveiliging van Androidtele ... Read more

Published Date: Dec 16, 2024 (7 months, 2 weeks ago)
CVE-2024-43047
  • security.nl
Amnesty: Cellebrite gebruikt Androidlek om beveiliging te omzeilen

maandag 16 december 2024, 12:03 door Redactie, 11 reactiesLaatst bijgewerkt: 16-12-2024, 14:38 Het forensisch bedrijf Cellebrite gebruikt een kwetsbaarheid in Android om de beveiliging van Androidtele ... Read more

Published Date: Dec 16, 2024 (7 months, 2 weeks ago)
CVE-2024-43047
  • Kaspersky
Advanced threat predictions for 2025

We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and ... Read more

Published Date: Nov 25, 2024 (8 months, 1 week ago)
CVE-2024-43093 CVE-2024-43047 CVE-2024-5806 CVE-2024-23296 CVE-2024-23225 CVE-2024-21338 CVE-2024-23222 CVE-2024-0204
  • Cybersecurity News
Ivanti Connect Secure, Policy Secure and Secure Access Client Affected by Critical Vulnerabilities

Ivanti has released urgent security updates to address a range of vulnerabilities, including critical remote code execution (RCE) flaws, in its Connect Secure, Policy Secure, and Secure Access Client ... Read more

Published Date: Nov 13, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-39712 CVE-2024-39711 CVE-2024-39710 CVE-2024-39709 CVE-2024-38656 CVE-2024-38655 CVE-2024-38654 CVE-2024-38649 CVE-2024-37400 ...+22 more CVE
  • Cybersecurity News
CVE-2024-10575 (CVSS 10): Critical Flaw in Schneider Electric’s EcoStruxure IT Gateway

Schneider Electric has published a security notification about a critical vulnerability in its EcoStruxure™ IT Gateway platform, which connects IT infrastructure devices to the cloud for monitoring an ... Read more

Published Date: Nov 13, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-10575 CVE-2024-50386 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-8884 CVE-2024-43047
  • Cybersecurity News
CVE-2024-50330 (CVSS 9.8): Unpatched Ivanti Endpoint Manager Vulnerable to RCE Attacks

Software company Ivanti has released urgent security updates for its Endpoint Manager to address a range of vulnerabilities, including several that could allow for remote code execution (RCE).The vuln ... Read more

Published Date: Nov 12, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-37376 CVE-2024-34787 CVE-2024-34784 CVE-2024-34782 CVE-2024-34781 CVE-2024-34780 CVE-2024-32847 CVE-2024-32844 CVE-2024-32841 ...+15 more CVE
  • Cybersecurity News
CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE Exploits Publicly Available

Security researchers at watchTowr have uncovered two critical vulnerabilities in Citrix Session Recording Manager that, when chained together, allow unauthenticated remote code execution (RCE) on Citr ... Read more

Published Date: Nov 12, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-8069 CVE-2024-8068 CVE-2024-40715 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-43047 CVE-2024-28987 CVE-2024-23113
  • Cybersecurity News
CVE-2024-44102 (CVSS 10) Found in Siemens TeleControl Server Basic: Urgent Update Required

A critical security vulnerability has been discovered in Siemens TeleControl Server Basic V3.1, a software solution used for remote monitoring and control of industrial plants. The vulnerability, iden ... Read more

Published Date: Nov 12, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-44102 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-43047 CVE-2024-45032 CVE-2024-33698 CVE-2024-22039 CVE-2024-23113
  • Cybersecurity News
CVE-2024-11068 (CVSS 9.8): Critical D-Link DSL-6740C Flaw, Immediate Replacement Advised

TWCERT/CC has issued multiple security advisories for the D-Link DSL-6740C modem, revealing a range of severe vulnerabilities that could expose users to remote attacks.The modem, which is no longer su ... Read more

Published Date: Nov 12, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-11068 CVE-2024-11067 CVE-2024-11066 CVE-2024-11065 CVE-2024-11064 CVE-2024-11063 CVE-2024-11062 CVE-2024-47575 CVE-2024-47824 ...+5 more CVE
  • Cybersecurity News
JavaScript Drive-By Attacks: New Exploits without 0-Day in Google Chrome

Ron Masas from Imperva Threat Research has uncovered a new way attackers can target Chrome users without relying on 0-day vulnerabilities. This approach leverages the File System Access API, which all ... Read more

Published Date: Nov 12, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-43047 CVE-2024-23113 CVE-2024-21412 CVE-2023-22524 CVE-2022-47003
  • Cybersecurity News
Fickle Stealer: The New Rust-Based Malware Masquerading as GitHub Desktop

Attack flow | Image: TrellixIn a recent report by Trellix researchers Mallikarjun Wali and Sangram Mohapatro, a new Rust-based malware called Fickle Stealer has surfaced, posing a significant threat t ... Read more

Published Date: Nov 11, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-10327 CVE-2024-47575 CVE-2024-47824 CVE-2024-47080 CVE-2024-43047 CVE-2024-5671
  • Help Net Security
Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has releas ... Read more

Published Date: Nov 10, 2024 (8 months, 3 weeks ago)
CVE-2024-10443 CVE-2024-43093 CVE-2024-20418 CVE-2024-43047 CVE-2024-5910
  • Cybersecurity News
CISA Expands KEV Catalog with Four Actively Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an updated advisory regarding four security vulnerabilities actively exploited in the wild. These vulnerabilities, now included i ... Read more

Published Date: Nov 08, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-51568 CVE-2024-51567 CVE-2024-7763 CVE-2024-48914 CVE-2024-49193 CVE-2024-43573 CVE-2024-43572 CVE-2024-43047 CVE-2024-5910 ...+1 more CVE
  • The Cyber Express
Google Addresses Two Android Zero-Days Used in Targeted Attacks

In its November security update, Google has patched two critical Android zero-days actively exploited in targeted attacks, along with 49 additional vulnerabilities. Google flagged these zero-day flaws ... Read more

Published Date: Nov 06, 2024 (8 months, 3 weeks ago)
CVE-2024-43093 CVE-2024-38408 CVE-2024-43047 CVE-2024-21893 CVE-2024-21887 CVE-2023-46805 CVE-2021-44228 CVE-2017-11882
  • Cybersecurity News
AWS IAM Roles Anywhere: A Potential Backdoor for Attackers?

Example of script that automates IAM Roles Anywhere configuration | Image: AdanIn a recent publication, cybersecurity engineer Adan explores a potentially underappreciated security risk in Amazon Web ... Read more

Published Date: Nov 06, 2024 (8 months, 4 weeks ago)
CVE-2024-50357 CVE-2024-43093 CVE-2024-9632 CVE-2023-25581 CVE-2024-43047 CVE-2024-22040 CVE-2024-22039
  • Dark Reading
Android Botnet 'ToxicPanda' Bashes Banks Across Europe, Latin America

Source: Oneinchpunch via Alamy Stock Photo Researchers have designated a new botnet on the scene — initially suspected to be a part of the Toxic banking Trojan family — as a whole new spinoff strain w ... Read more

Published Date: Nov 05, 2024 (8 months, 4 weeks ago)
CVE-2024-43093 CVE-2024-43047
  • BleepingComputer
Google fixes two Android zero-days used in targeted attacks

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two iss ... Read more

Published Date: Nov 05, 2024 (8 months, 4 weeks ago)
CVE-2024-43093 CVE-2024-38408 CVE-2024-43047
  • Help Net Security
Google patches actively exploited Android vulnerability (CVE-2024-43093)

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, ... Read more

Published Date: Nov 05, 2024 (8 months, 4 weeks ago)
CVE-2024-10443 CVE-2024-43093 CVE-2024-43047
  • The Hacker News
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Mobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-430 ... Read more

Published Date: Nov 05, 2024 (8 months, 4 weeks ago)
CVE-2024-43093 CVE-2024-43047 CVE-2024-32896
  • Cybersecurity News
CVE-2024-43047 & CVE-2024-43093: Android Zero-Days Demand Immediate Patching

In its November 2024 security update, Google has addressed 40 security vulnerabilities in the Android operating system, two of which are flagged as actively exploited: CVE-2024-43047 and CVE-2024-4309 ... Read more

Published Date: Nov 05, 2024 (8 months, 4 weeks ago)
CVE-2024-43093 CVE-2024-51568 CVE-2024-51567 CVE-2024-51378 CVE-2024-20329 CVE-2024-9985 CVE-2024-9984 CVE-2024-9983 CVE-2024-9465 CVE-2024-43047 ...+3 more CVE
  • Cybersecurity News
Critical Vulnerability in Waitress WSGI Server: CVE-2024-49768 – What You Need to Know

The Pylons Project has released a crucial security advisory addressing a vulnerability in the Waitress WSGI server, tracked as CVE-2024-49768. This vulnerability, assigned a CVSS score of 9.1, represe ... Read more

Published Date: Nov 01, 2024 (9 months ago)
CVE-2024-49768 CVE-2024-20424 CVE-2024-45217 CVE-2024-45216 CVE-2024-43047 CVE-2024-33066 CVE-2024-9194
  • Cybersecurity News
Earth Simnavaz Exploits Windows Kernel Flaw CVE-2024-30088 in Attacks on Critical Infrastructure

Attack chain | Image: Trend MicroTrend Micro researchers have uncovered a series of advanced cyberattacks carried out by the threat group Earth Simnavaz, also known as APT34 or OilRig. This Iranian-li ... Read more

Published Date: Oct 15, 2024 (9 months, 2 weeks ago)
CVE-2024-43047 CVE-2024-33066 CVE-2024-9194 CVE-2024-30088
  • Cybersecurity News
Gmail Scam Alert: Hackers Spoof Google to Steal Credentials

Boasting over 2.5 billion users worldwide, Gmail reigns as the most prevalent email service globally. Consequently, it comes as no surprise that this platform has become a focal point for malicious ac ... Read more

Published Date: Oct 14, 2024 (9 months, 2 weeks ago)
CVE-2024-43047 CVE-2024-33066 CVE-2024-9194 CVE-2024-40711
  • Cybersecurity News
Google Enables Linux Terminal on Android, Running Debian in a Virtual Machine

Google recently added a feature called “ferrochrome-dev-option” to the Android Open Source Project (AOSP), incorporating a “Linux terminal” option into the developer settings, which allows developers ... Read more

Published Date: Oct 14, 2024 (9 months, 2 weeks ago)
CVE-2024-49193 CVE-2023-25581 CVE-2024-43047 CVE-2024-33066 CVE-2024-9194 CVE-2024-23113
  • Help Net Security
Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 202 ... Read more

Published Date: Oct 13, 2024 (9 months, 3 weeks ago)
CVE-2024-9680 CVE-2024-43573 CVE-2024-43572 CVE-2024-9381 CVE-2024-9380 CVE-2024-9379 CVE-2024-43047 CVE-2024-45409
  • TheCyberThrone
CISA KEV Update Part III – October 2024

The US CISA has added below vulnerabilities to its Known exploited vulnerabilities catalog based on the evidence of active exploitationCVE-2024-43047The vulnerability with a CVSS score of 7.8, Multipl ... Read more

Published Date: Oct 09, 2024 (9 months, 3 weeks ago)
CVE-2024-43573 CVE-2024-43572 CVE-2024-43047 CVE-2024-20470 CVE-2024-20393
  • The Register
Qualcomm urges device makers to push patches after 'targeted' exploitation

Qualcomm has issued 20 patches for its chipsets' firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild. That vulnerability, CVE-2024-43047, carries a ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-43047 CVE-2024-33066 CVE-2024-33065 CVE-2024-23369
  • The Cyber Express
Progress Telerik, Cisco, QNAP and Linux Under Attack: Cyble Honeypot Sensors

Cyble’s Vulnerability Intelligence unit has detected cyberattacks on several key IT products and systems, as threat actors have been quick to exploit vulnerabilities and enterprises slow to patch them ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-43047 CVE-2024-7576 CVE-2024-7575 CVE-2024-7029 CVE-2024-36401 CVE-2024-4577 CVE-2024-21893 CVE-2024-0769 CVE-2024-21887 CVE-2023-46805 ...+2 more CVE
  • Help Net Security
Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Plat ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-43583 CVE-2024-43582 CVE-2024-43573 CVE-2024-43572 CVE-2024-43488 CVE-2024-43468 CVE-2024-20659 CVE-2024-43047 CVE-2024-43461 CVE-2024-6197 ...+2 more CVE
  • Help Net Security
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company accidentally fixed in September. ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-37404 CVE-2024-9381 CVE-2024-9380 CVE-2024-9379 CVE-2024-9167 CVE-2024-7612 CVE-2024-43047 CVE-2024-8963 CVE-2024-8190 CVE-2023-35078
  • Help Net Security
Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-43047
  • security.nl
Qualcomm waarschuwt voor actief misbruikt lek in groot aantal chipsets

Chipfabrikant Qualcomm waarschuwt voor een actief misbruikte kwetsbaarheid die aanwezig is in een groot aantal chipsets. Het bedrijf heeft firmware-updates uitgebracht om het probleem te verhelpen. Sm ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-43047
  • The Cyber Express
Qualcomm Addresses DSP Vulnerability CVE-2024-43047, Urges Users to Patch Devices

Qualcomm has released the latest security advisory for multiple vulnerabilities. Among them, a Qualcomm vulnerability, designated as CVE-2024-43047, has brought to light concerns surrounding the safet ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-43047 CVE-2024-21893 CVE-2024-21887 CVE-2023-46805 CVE-2021-44228 CVE-2017-11882
  • The Hacker News
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Mobile Security / Privacy Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitat ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-43047 CVE-2024-33066
  • Cybersecurity News
LemonDuck Exploits EternalBlue Vulnerability for Cryptomining Attacks

A recent report from security researchers at Aufa and NetbyteSEC Interns sheds light on the resurgence of the LemonDuck malware, which is now exploiting the EternalBlue vulnerability (CVE-2017-0144) i ... Read more

Published Date: Oct 08, 2024 (9 months, 3 weeks ago)
CVE-2024-43047 CVE-2024-33066 CVE-2024-9194 CVE-2024-6678 CVE-2024-8640 CVE-2024-4577 CVE-2023-22527 CVE-2017-0144
  • BleepingComputer
Qualcomm patches high-severity zero-day exploited in attacks

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. The security flaw (CVE-2024-43047) was reported by Go ... Read more

Published Date: Oct 07, 2024 (9 months, 3 weeks ago)
CVE-2024-43047 CVE-2024-33066

The following table lists the changes that have been made to the CVE-2024-43047 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Oct. 09, 2024

    Action Type Old Value New Value
    Changed Reference Type https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html No Types Assigned https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html Patch, Vendor Advisory
    Added CWE NIST CWE-416
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6688aq_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6688aq:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs6490:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:video_collaboration_vc1_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:video_collaboration_vc1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:video_collaboration_vc3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:video_collaboration_vc3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa4150p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa4155p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sg4150p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sg4150p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_660_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_660_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_680_4g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_680_4g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_685_4g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_685_4g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_8_gen_1_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_865_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_865\+_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_865\+_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_870_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_870_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_888_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_888_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_888\+_5g_mobile_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_888\+_5g_mobile:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_auto_5g_modem-rf_gen_2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_x55_5g_modem-rf:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_xr2_5g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9335:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Oct. 09, 2024

    Action Type Old Value New Value
    Added Due Date 2024-10-29
    Added Vulnerability Name Qualcomm Multiple Chipsets Use-After-Free Vulnerability
    Added Required Action Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
    Added Date Added 2024-10-08
  • CVE Received by [email protected]

    Oct. 07, 2024

    Action Type Old Value New Value
    Added Description Memory corruption while maintaining memory maps of HLOS memory.
    Added Reference Qualcomm, Inc. https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html [No types assigned]
    Added CWE Qualcomm, Inc. CWE-416
    Added CVSS V3.1 Qualcomm, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-43047 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-43047 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: