7.8

CVE-2024-43047

Warning

Memory corruption while maintaining memory maps of HLOS memory.

Data is provided by the National Vulnerability Database (NVD)
QualcommQam8295p Firmware Version-
   QualcommQam8295p Version-
QualcommQca6174a Firmware Version-
   QualcommQca6174a Version-
QualcommQca6391 Firmware Version-
   QualcommQca6391 Version-
QualcommQca6426 Firmware Version-
   QualcommQca6426 Version-
QualcommQca6436 Firmware Version-
   QualcommQca6436 Version-
QualcommQca6574au Firmware Version-
   QualcommQca6574au Version-
QualcommQca6584au Firmware Version-
   QualcommQca6584au Version-
QualcommQca6595 Firmware Version-
   QualcommQca6595 Version-
QualcommQca6595au Firmware Version-
   QualcommQca6595au Version-
QualcommQca6688aq Firmware Version-
   QualcommQca6688aq Version-
QualcommQca6696 Firmware Version-
   QualcommQca6696 Version-
QualcommQca6698aq Firmware Version-
   QualcommQca6698aq Version-
QualcommQcs410 Firmware Version-
   QualcommQcs410 Version-
QualcommQcs610 Firmware Version-
   QualcommQcs610 Version-
QualcommQcs6490 Firmware Version-
   QualcommQcs6490 Version-
QualcommSa4150p Firmware Version-
   QualcommSa4150p Version-
QualcommSa4155p Firmware Version-
   QualcommSa4155p Version-
QualcommSa6145p Firmware Version-
   QualcommSa6145p Version-
QualcommSa6150p Firmware Version-
   QualcommSa6150p Version-
QualcommSa6155p Firmware Version-
   QualcommSa6155p Version-
QualcommSa8145p Firmware Version-
   QualcommSa8145p Version-
QualcommSa8150p Firmware Version-
   QualcommSa8150p Version-
QualcommSa8155p Firmware Version-
   QualcommSa8155p Version-
QualcommSa8195p Firmware Version-
   QualcommSa8195p Version-
QualcommSa8295p Firmware Version-
   QualcommSa8295p Version-
QualcommSd660 Firmware Version-
   QualcommSd660 Version-
QualcommSd865 5g Firmware Version-
   QualcommSd865 5g Version-
QualcommSg4150p Firmware Version-
   QualcommSg4150p Version-
QualcommSw5100 Firmware Version-
   QualcommSw5100 Version-
QualcommSw5100p Firmware Version-
   QualcommSw5100p Version-
QualcommSxr2130 Firmware Version-
   QualcommSxr2130 Version-
QualcommWcd9335 Firmware Version-
   QualcommWcd9335 Version-
QualcommWcd9341 Firmware Version-
   QualcommWcd9341 Version-
QualcommWcd9370 Firmware Version-
   QualcommWcd9370 Version-
QualcommWcd9375 Firmware Version-
   QualcommWcd9375 Version-
QualcommWcd9380 Firmware Version-
   QualcommWcd9380 Version-
QualcommWcd9385 Firmware Version-
   QualcommWcd9385 Version-
QualcommWcn3950 Firmware Version-
   QualcommWcn3950 Version-
QualcommWcn3980 Firmware Version-
   QualcommWcn3980 Version-
QualcommWcn3988 Firmware Version-
   QualcommWcn3988 Version-
QualcommWcn3990 Firmware Version-
   QualcommWcn3990 Version-
QualcommWsa8810 Firmware Version-
   QualcommWsa8810 Version-
QualcommWsa8815 Firmware Version-
   QualcommWsa8815 Version-
QualcommWsa8830 Firmware Version-
   QualcommWsa8830 Version-
QualcommWsa8835 Firmware Version-
   QualcommWsa8835 Version-

08.10.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Vulnerability

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.

Description

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.4% 0.598
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
product-security@qualcomm.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.