Tuesday, October 8, 2024

CISA Adds Comm Chip Vulnerability to KEV Catalog – 10-28-24

 

Today CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. The three vulnerabilities include one use-after-free vulnerability in multiple Qualcomm chipsets that are frequently used in communications (5G, Bluetooth, and WiFi) processes. CISA provides the following information for this vulnerability (CVE-2024-43047) for federal agencies:

• Qualcomm Multiple Chipsets Use-After-Free Vulnerability: Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory,

• Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable (due date October 29th, 2024),

• Exploit link.

Very few of the users of this chipset actually buy it from Qualcomm; it comes as part of a larger product. The Qualcomm advisory states:

“Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible. Please contact your device manufacturer for more information on the patch status about specific devices.”

