Pierluigi Paganini
October 08, 2024
Qualcomm addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score 7.8).
The vulnerability stems from a use-after-free bug that could lead to memory corruption.
The zero-day vulnerability resides in the Digital Signal Processor (DSP) service and impacts dozens of chipsets.
“Currently, the DSP updates header buffers with unused DMA handle fds. In the put_args section, if any DMA handle FDs are present in the header buffer, the corresponding map is freed. However, since the header buffer is exposed to users in unsigned PD, users can update invalid FDs. If this invalid FD matches with any FD that is already in use, it could lead to a use-after-free (UAF) vulnerability.” reads the DSP kernel commit. “As a solution,add DMA handle references for DMA FDs, and the map for the FD will be freed only when a reference is found.”
The flaw was reported by cybersecurity researchers Seth Jenkins from Google Project Zero and Conghui Wang from Amnesty International Security Lab. Jenkins Hopefully recommends addressing the issue on Android devices as soon as possible.
I found an issue in collaboration with Amnesty and TAG that we have indication may be used ITW, CVE-2024-43047. Seehttps://t.co/yvGrGxw5kv
— Seth Jenkins (@__sethJenkins) October 7, 2024
for the details. Hopefully the bug will be patched on Android devices very soon ….
Google Threat Analysis Group claims that CVE-2024-43047 may be under limited, targeted exploitation, Wang also confirms in-the-wild activity.
“There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation.” reads the company’s advisory. “Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible. Please contact your device manufacturer for more information on the patch status about specific devices.”
The researchers haven’t published details about the attacks exploiting the CVE-2024-43047, however, the reporting organizations are known for investigating cyberattacks linked to commercial spyware vendors.
Below are the chipsets impacted by this vulnerability:
FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, QAM8295P, QCA6174A, QCA6391, QCA6426, QCA6436, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, QCS410, QCS610, QCS6490, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD660, SD865 5G, SG4150P, Snapdragon 660 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon X55 5G Modem-RF System, Snapdragon XR2 5G Platform, SW5100, SW5100P, SXR2130, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3990, WSA8810, WSA8815, WSA8830, WSA8835
Qualcomm also addressed a critical improper input validation flaw, tracked as CVE-2024-33066 (CVSS score 9.8), in WLAN Resource Manager.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, zero-day)
