Qualcomm is releasing a series of security patches and is urging users to apply them now
Qualcomm has released nearly two dozen patches for various products, including a fix for a vulnerability that is most likely being exploited by state-sponsored attackers.
The company’s security advisory details 20 patches for vulnerabilities affecting various chipsets, including CVE-2024-43047, a high-severity bug (7.8 score) described as “memory corruption while preserving HLOS memory maps.”
The bug is said to affect Snapdragon 660 and higher, 5G modems, and FastConnect 6700, 6800, 6900, and 7800 Wi-Fi/Bluetooth kits.
Multiple devices affected
Qualcomm emphasized that this bug had already been flagged by Google’s Threat Analysis Group (TAG), Google’s security arm that typically analyzes zero-day vulnerabilities exploited by nation states and other state-sponsored actors.
“There is evidence from the Google Threat Analysis Group that CVE-2024-43047 may be under limited targeted exploitation,” the advisory reads. “Patches for the FASTRPC driver issue have been made available to OEMs, along with a strong recommendation to deploy the update to affected devices as soon as possible.”
Another notable entry from the batch is the patch for CVE-2024-33066, a vulnerability described as “memory corruption while redirecting log files to any file location with any file name.” It has a severity rating of 9.8 and is considered critical. However, there is no evidence yet of abuse in the wild.
As a major chip manufacturer, Qualcomm is often targeted by cybercriminals. About a year ago, Qualcomm discovered multiple flaws in the Adreno GPU and Compute DSP drivers (again, after being tipped off by Google’s TAG), which were under “limited, targeted exploitation.” In that case too, it said the vulnerabilities were most likely exploited by state-sponsored actors in espionage and data exfiltration attacks.
In both cases, Qualcomm urged its customers to apply available patches as quickly as possible.
Via The Register