CVE-2024-43047 — Qualcomm Multiple Chipsets Use-After-Free Vulnerability

2024-10-08 • CISA Known Exploited Vulnerability

[event] Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.

> AFFECTED SOFTWARE

Field	Value
Vendor	Qualcomm
Product	Multiple Chipsets
CWE	CWE-416
CVE ID	CVE-2024-43047
Date Added	2024-10-08
Due Date	2024-10-29
Ransomware Campaign	Unknown

> MITIGATION

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Due Date: 2024-10-29

> REFERENCES

[1] https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/c...
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-43047