CVE-2024-43067 — Time-of-check Time-of-use (TOCTOU) Race Condition in INC Snapdragon

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 83.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon

Timeline

PublishedApr 7

Description

Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5qualcomm_inc/snapdragon58 versions+57

🔴Vulnerability Details

GHSA

GHSA-jgqg-9w53-x8wg: Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory↗2025-04-07

▶