cbcvebase.
CVE-2024-43047
published 2024-10-07

CVE-2024-43047: Memory corruption while maintaining memory maps of HLOS memory.

PriorityP184high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-10-29
Exploited in the wild
EPSS
0.67%
47.4th percentile
Memory corruption while maintaining memory maps of HLOS memory.

Affected

65 ranges· showing 25
VendorProductVersion rangeFixed in
googleandroid
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2024-43047 is a use-after-free (UAF) vulnerability in Qualcomm's FASTRPC/DSP kernel driver; look for memory corruption events or UAF patterns in the DSP service on Android devices running Qualcomm chipsets (Snapdragon 8 and 63 other affected chipsets)
  • CVE-2024-43047 has been used in targeted NoviSpy spyware attacks against Android devices belonging to activists, journalists, and protestors by Serbian authorities; treat exploitation as indicative of nation-state or law-enforcement-grade spyware deployment
  • Exploitation requires only local access with low privileges; monitor for unexpected privilege escalation from low-privileged processes interacting with the Qualcomm FASTRPC/DSP driver on Android 12–15
  • ·Patches for the FASTRPC driver were provided to OEMs in September 2024; actual device patch availability depends on individual device manufacturers deploying the update — end-user devices may remain unpatched even after Qualcomm's fix was issued
  • ·The vulnerability affects Android versions 12 through 15 and is present in closed-source Qualcomm components; Android 11 and older are unsupported and may not receive the fix

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.