CVE-2024-43061

EPSS 0.03%
Published 03.03.2025 11:15:12
Last modified 06.03.2025 16:36:34
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Fastconnect 6900 Firmware Version-

Qualcomm ≫ Fastconnect 6900

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800

Qualcomm ≫ Qam8295p Firmware Version-

Qualcomm ≫ Qam8295p

Qualcomm ≫ Qca6574au Firmware Version-

Qualcomm ≫ Qca6574au

Qualcomm ≫ Qca6696 Firmware Version-

Qualcomm ≫ Qca6696

Qualcomm ≫ Qca9367 Firmware Version-

Qualcomm ≫ Qca9367

Qualcomm ≫ Qca9377 Firmware Version-

Qualcomm ≫ Qca9377

Qualcomm ≫ Qcs8550 Firmware Version-

Qualcomm ≫ Qcs8550

Qualcomm ≫ Sa6145p Firmware Version-

Qualcomm ≫ Sa6145p

Qualcomm ≫ Sa6150p Firmware Version-

Qualcomm ≫ Sa6150p

Qualcomm ≫ Sa6155p Firmware Version-

Qualcomm ≫ Sa6155p

Qualcomm ≫ Sa8145p Firmware Version-

Qualcomm ≫ Sa8145p

Qualcomm ≫ Sa8150p Firmware Version-

Qualcomm ≫ Sa8150p

Qualcomm ≫ Sa8155p Firmware Version-

Qualcomm ≫ Sa8155p

Qualcomm ≫ Sa8195p Firmware Version-

Qualcomm ≫ Sa8195p

Qualcomm ≫ Sa8295p Firmware Version-

Qualcomm ≫ Sa8295p

Qualcomm ≫ Sa8530p Firmware Version-

Qualcomm ≫ Sa8530p

Qualcomm ≫ Sa8540p Firmware Version-

Qualcomm ≫ Sa8540p

Qualcomm ≫ Sa9000p Firmware Version-

Qualcomm ≫ Sa9000p

Qualcomm ≫ Sdm429w Firmware Version-

Qualcomm ≫ Sdm429w

Qualcomm ≫ Snapdragon 429 Firmware Version-

Qualcomm ≫ Snapdragon 429

Qualcomm ≫ Sxr2230p Firmware Version-

Qualcomm ≫ Sxr2230p

Qualcomm ≫ Sxr2250p Firmware Version-

Qualcomm ≫ Sxr2250p

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385

Qualcomm ≫ Wcn3620 Firmware Version-

Qualcomm ≫ Wcn3620

Qualcomm ≫ Wcn3660b Firmware Version-

Qualcomm ≫ Wcn3660b

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830

Qualcomm ≫ Wsa8832 Firmware Version-

Qualcomm ≫ Wsa8832

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.061

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
product-security@qualcomm.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-43061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43061

EUVD