Qualcomm’s October 2024 Security Bulletin: Addressing Critical Vulnerabilities
Just yesterday, Qualcomm, a leading global technology company renowned for its innovations in wireless telecommunications, released its latest monthly security bulletin. This bulletin addresses a total of 20 vulnerabilities, with 5 affecting proprietary software and 15 related to open-source components. Among these vulnerabilities, one stands out as critical, while another has been flagged by Google’s Threat Analysis Group (TAG) as potentially under active exploitation. These vulnerabilities impact key products, including the widely used Snapdragon mobile platforms and FastConnect solutions.
In this article, we will delve into the details of the vulnerabilities outlined in Qualcomm’s October 2024 bulletin, explore their implications, and provide guidance on how to protect your systems from these potential threats.
CVE-2024-43047: Zero-Day Vulnerability in Qualcomm FastConnect
One of the most pressing vulnerabilities addressed in the October 2024 bulletin is CVE-2024-43047, a high-severity Use-After-Free flaw in the DSP Service, which has a CVSS score of 7.8. Discovered in late July 2024, this vulnerability has been confirmed to be under limited, targeted exploitation in the wild, as reported by Google Project Zero, Amnesty International Security Lab, and Google’s TAG.
Understanding CVE-2024-43047
CVE-2024-43047 is a memory corruption issue caused by improper handling of memory maps of High-Level Operating System (HLOS) memory. This poses a significant risk to system integrity, making it imperative for users to patch their systems promptly. Qualcomm's advisory emphasizes the urgency of addressing this vulnerability, as it is being actively exploited.
Patches for this vulnerability, which affects the FASTRPC driver, have been provided to OEMs. Qualcomm strongly recommends immediate deployment of these patches, which address the handling of DMA handle references, ensuring that the map for the file descriptor is only freed when a valid reference is found. This effectively mitigates the Use-After-Free condition.
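The fix described above, modelled as an added C example (not Qualcomm's driver code and not taken from the bulletin): a release request that names a file descriptor drops a reference on that descriptor's map only when a DMA handle reference was actually recorded for it. The fd-indexed table and the names `map_lookup`, `map_create`, `map_get_dma_ref` and `map_release` are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

#define MAX_FD 16

/* Simplified, hypothetical per-fd mapping record (not driver code). */
struct map {
    int refs;      /* all references, including the owner's */
    int dma_refs;  /* how many of those were taken as DMA handle refs */
};
static struct map *table[MAX_FD];   /* constructed model: indexed by fd */

/* Return fd's live map, or NULL for an out-of-range or unmapped fd. */
struct map *map_lookup(int fd) {
    return (fd >= 0 && fd < MAX_FD) ? table[fd] : NULL;
}

/* Create a map for fd; the owner holds the initial reference. */
bool map_create(int fd) {
    if (fd < 0 || fd >= MAX_FD || table[fd] != NULL) return false;
    table[fd] = calloc(1, sizeof(struct map));
    if (table[fd] == NULL) return false;
    table[fd]->refs = 1;
    return true;
}

/* Record a DMA handle reference on an existing map. */
bool map_get_dma_ref(int fd) {
    struct map *m = map_lookup(fd);
    if (m == NULL) return false;
    m->refs++;
    m->dma_refs++;
    return true;
}

/* Handle a release request naming fd. require_dma_ref == false is the
 * "before" behaviour: any fd that matches a live map drops a reference. */
bool map_release(int fd, bool require_dma_ref) {
    struct map *m = map_lookup(fd);
    if (m == NULL) return false;
    if (require_dma_ref) {
        if (m->dma_refs == 0) return false;  /* no valid reference found */
        m->dma_refs--;
    }
    if (--m->refs == 0) {                    /* last reference: free it */
        free(m);
        table[fd] = NULL;
    }
    return true;
}
```

With `require_dma_ref` set to false, a release naming a descriptor whose only reference is the owner's frees the map while the owner still holds it, which is the Use-After-Free condition. With it set to true, the same request is refused and the map stays alive.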
Affected Chipsets
The CVE-2024-43047 vulnerability impacts a broad range of Qualcomm chipsets, including:
- FastConnect Series: 6700, 6800, 6900, 7800
- QCA Series: QCA6174A, QCA6391, QCA6426, QCA6436, QCA6574AU, QCA6595, QCA6688AQ, QCA6696
- QCS Series: QCS410, QCS610, QCS6490
- Snapdragon Mobile Platforms: Snapdragon 660, 680 4G, 685 4G (SM6225-AD), 8 Gen 1, 865 5G, 870 5G, 888 5G
- Snapdragon Auto: Auto 5G Modem-RF, Auto 5G Modem-RF Gen 2
- Video Collaboration Platforms: Qualcomm® VC1 and VC3
- Audio and Wireless: WCD9335, WCN3980, WSA8810
This list is not exhaustive, and users with affected devices should update their Snapdragon components to the latest firmware version as soon as possible to protect against potential exploitation.
CVE-2024-33066: Critical RCE Vulnerability in Snapdragon
Another significant issue addressed in Qualcomm’s advisory is CVE-2024-33066, a critical vulnerability with a CVSS score of 9.8. This flaw, found in the WLAN Resource Manager, arises from improper input validation.
Implications of CVE-2024-33066
If exploited, CVE-2024-33066 could lead to memory corruption by redirecting log files to arbitrary locations with any file name. This creates an opportunity for attackers to achieve Remote Code Execution (RCE), potentially allowing them to fully compromise the affected device. The severity of this vulnerability underscores the importance of prompt action to mitigate risks.
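An added example (not Qualcomm's code or its patch) of input validation for a caller-supplied log file name, so that a log can only be written under one fixed directory. The directory `/var/log/wlan`, the length limit and both function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define LOG_DIR "/var/log/wlan"   /* hypothetical fixed log directory */
#define LOG_NAME_MAX 32           /* hypothetical limit on the file name */

/* Accept only a bare file name: letters, digits, '_', '-', '.'; bounded
 * length; no leading dot (rejects ".", ".." and hidden files). */
bool log_name_is_valid(const char *name) {
    if (name == NULL) return false;
    size_t len = strlen(name);
    if (len == 0 || len > LOG_NAME_MAX || name[0] == '.') return false;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
        if (!ok) return false;   /* includes '/', '\\' and control bytes */
    }
    return true;
}

/* Build LOG_DIR/name into out. Returns false, leaving out empty, when the
 * name is rejected or the result would not fit in outlen bytes. */
bool build_log_path(const char *name, char *out, size_t outlen) {
    if (out == NULL || outlen == 0) return false;
    out[0] = '\0';
    if (!log_name_is_valid(name)) return false;
    int n = snprintf(out, outlen, "%s/%s", LOG_DIR, name);
    if (n < 0 || (size_t)n >= outlen) {   /* truncated: do not use it */
        out[0] = '\0';
        return false;
    }
    return true;
}
```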
Affected Chipsets
The following chipsets are impacted by CVE-2024-33066:
- Immersive Home Platforms: 214, 216, 316, 318, 3210, 326
- IPQ Series: IPQ5010, IPQ5028, IPQ5300, IPQ5302, IPQ5312, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9554, IPQ9574
- QCA Series: QCA4024, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8386, QCA9888, QCA9889
- QCF Series: QCF8000, QCF8001
- QCN Series: QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6112, QCN6122, QCN6132, QCN6402, QCN6412, QCN6422, QCN6432, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9160, QCN9274
- QXM Series: QXM8083
- SDX Series: SDX55, SDX65M
- Snapdragon: X65 5G Modem-RF System
Other Notable Vulnerabilities from Qualcomm’s October 2024 Security Bulletin
In addition to the critical issues, the October 2024 bulletin addresses several high-severity vulnerabilities. These include memory corruption vulnerabilities in proprietary software, such as CVE-2024-23369, triggered by invalid length inputs from HLOS, and CVE-2024-33065, which involves memory corruption during snapshot creation by the camera driver.
For open-source components, the advisory highlights severe vulnerabilities like CVE-2024-38399, leading to memory corruption while processing user packets, and CVE-2024-33064 and CVE-2024-33073, both causing information disclosure during the parsing of wireless protocol fields.
Apply the Latest Patches for FastConnect, Snapdragon, and Other Software
Qualcomm strongly advises OEMs to implement the necessary patches promptly to mitigate potential exploitation risks. Users are encouraged to update their devices to the latest firmware versions and should reach out to their device manufacturers to confirm the patch status for their specific models.
For more detailed information, refer to the Qualcomm October 2024 Security Bulletin.
Other Developments: October 2024 Android Security Update
Coinciding with Qualcomm’s bulletin, Google has also released the October 2024 Android security update, addressing 26 high-severity vulnerabilities. The update, split into two parts (2024-10-01 and 2024-10-05), fixes elevation of privilege, denial-of-service (DoS), and remote code execution flaws across various components. While none of these vulnerabilities are actively exploited, users are urged to update their devices promptly. For more details, refer to the Android Security Bulletin.
Reduce Vulnerability Risk with SOCRadar’s Attack Surface Management
Vulnerabilities in widely used products, such as mobile platforms, chipsets, and connectivity solutions, can have extensive and serious consequences. According to Qualcomm, its Snapdragon processors are embedded in over a billion smartphones worldwide, including premium devices from Samsung, Xiaomi, OnePlus, and Vivo.
Failing to patch security vulnerabilities on time leaves both businesses and individuals exposed to significant threats, including ransomware, data theft, and network infiltration. Keeping your systems updated is critical, but tracking vulnerabilities across your entire infrastructure can be an overwhelming task. SOCRadar’s Attack Surface Management (ASM) module offers a great solution to this challenge.
By continuously monitoring your external assets for vulnerabilities and attack vectors, SOCRadar’s ASM helps you stay ahead of potential exploits. The platform provides real-time alerts, in-depth reports, and actionable insights, ensuring your organization can respond to threats before they escalate.
In conclusion, staying informed about the latest vulnerabilities and applying necessary patches is crucial in maintaining the security of your devices and systems. As the threat landscape continues to evolve, proactive measures are essential to safeguard against potential attacks.