CVE-2024-43047

Use After Free in DSP Service

CVSS 7.8 HIGHEPSS 0.7%● KEVCWE-416

In short

A program tries to use memory that has already been freed, causing it to access invalid data or crash. This can lead to system instability or allow an attacker to execute harmful code on the device.

Technical detail

Use-after-free vulnerability in DSP service memory map management affecting HLOS memory. An attacker with local access can trigger memory corruption by referencing freed memory regions, potentially achieving code execution with elevated privileges.

Summary generated and translated by AI from the official description.

Memory corruption while maintaining memory maps of HLOS memory.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43047