⚠ Actively exploited
Added to CISA KEV on 2024-10-08. Federal agencies required to patch by 2024-10-29. Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

CVE-2024-43047: Use After Free in INC Snapdragon

CWE-416: Use After Free | 18 documents | 9 sources

Severity: 7.8 HIGH (NVD)
EPSS: 1.7% (top 17.42%)
CISA KEV: Added 2024-10-08, due 2024-10-29
Exploit: Exploited in wild (active exploitation observed)

Timeline
Published: Oct 7
KEV added: Oct 8
KEV due: Oct 29
Latest update: Aug 5

Description

Memory corruption while maintaining memory maps of HLOS memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: qualcomm_inc/snapdragon, 64 versions (+63)

Patches

🔴 Vulnerability Details (3)

Project0: The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - Project Zero (2024-12-01)
GHSA: GHSA-36wv-6w83-xmqr: Memory corruption while maintaining memory maps of HLOS memory (2024-10-07)
VulnCheck: Qualcomm Multiple Chipsets Use-After-Free Vulnerability (2024)

📋 Vendor Advisories (2)

Android: CVE-2024-43047: Kernel (2024-11-01)
CISA: Qualcomm Multiple Chipsets Use-After-Free Vulnerability (2024-10-08)

🕵️ Threat Intelligence (12)

BleepingComputer: Android gets patches for Qualcomm flaws exploited in attacks (2025-08-05)
BleepingComputer: Qualcomm fixes three Adreno GPU zero-days exploited in attacks (2025-06-02)
BleepingComputer: Google fixes Android zero-days exploited in attacks, 60 other flaws (2025-04-07)
BleepingComputer: Google fixes Android zero-day exploited by Serbian authorities (2025-03-04)
BleepingComputer: Google fixes Android kernel zero-day exploited in attacks (2025-02-03)