CVE-2024-43048

Dec. 12, 2024, 3:27 p.m.

7.8
High

Description

Memory corruption when invalid input is passed to invoke GPU Headroom API call.

Product(s) Impacted

Vendor Product Versions
Qualcomm
  • Fastconnect 6200 Firmware
  • Fastconnect 6200
  • Fastconnect 6900 Firmware
  • Fastconnect 6900
  • Fastconnect 7800 Firmware
  • Fastconnect 7800
  • Qcm4325 Firmware
  • Qcm4325
  • Qcm8550 Firmware
  • Qcm8550
  • Sdm429w Firmware
  • Sdm429w
  • Sg4150p Firmware
  • Sg4150p
  • Sm4635 Firmware
  • Sm4635
  • Sm8550p Firmware
  • Sm8550p
  • Sm8635 Firmware
  • Sm8635
  • Sm8750 Firmware
  • Sm8750
  • Sm8750p Firmware
  • Sm8750p
  • Snapdragon 4 Gen 1 Mobile Platform Firmware
  • Snapdragon 4 Gen 1 Mobile Platform
  • Snapdragon 429 Mobile Platform Firmware
  • Snapdragon 429 Mobile Platform
  • Snapdragon 460 Mobile Platform Firmware
  • Snapdragon 460 Mobile Platform
  • Snapdragon 480 5g Mobile Platform Firmware
  • Snapdragon 480 5g Mobile Platform
  • Snapdragon 480\+ 5g Mobile Platform Firmware
  • Snapdragon 480\+ 5g Mobile Platform
  • Snapdragon 662 Mobile Platform Firmware
  • Snapdragon 662 Mobile Platform
  • Snapdragon 680 4g Mobile Platform Firmware
  • Snapdragon 680 4g Mobile Platform
  • Snapdragon 685 4g Mobile Platform Firmware
  • Snapdragon 685 4g Mobile Platform
  • Snapdragon 695 5g Mobile Platform Firmware
  • Snapdragon 695 5g Mobile Platform
  • Snapdragon 8 Gen 2 Mobile Platform Firmware
  • Snapdragon 8 Gen 2 Mobile Platform
  • Snapdragon 8 Gen 3 Mobile Platform Firmware
  • Snapdragon 8 Gen 3 Mobile Platform
  • Snapdragon 8\+ Gen 2 Mobile Platform Firmware
  • Snapdragon 8\+ Gen 2 Mobile Platform
  • Vision Intelligence 400 Platform Firmware
  • Vision Intelligence 400 Platform
  • Wcd9335 Firmware
  • Wcd9335
  • Wcd9341 Firmware
  • Wcd9341
  • Wcd9370 Firmware
  • Wcd9370
  • Wcd9375 Firmware
  • Wcd9375
  • Wcd9378 Firmware
  • Wcd9378
  • Wcd9380 Firmware
  • Wcd9380
  • Wcd9385 Firmware
  • Wcd9385
  • Wcd9390 Firmware
  • Wcd9390
  • Wcd9395 Firmware
  • Wcd9395
  • Wcn3620 Firmware
  • Wcn3620
  • Wcn3660b Firmware
  • Wcn3660b
  • Wcn3950 Firmware
  • Wcn3950
  • Wcn3988 Firmware
  • Wcn3988
  • Wcn3990 Firmware
  • Wcn3990
  • Wcn6755 Firmware
  • Wcn6755
  • Wcn7860 Firmware
  • Wcn7860
  • Wcn7861 Firmware
  • Wcn7861
  • Wcn7880 Firmware
  • Wcn7880
  • Wcn7881 Firmware
  • Wcn7881
  • Wsa8810 Firmware
  • Wsa8810
  • Wsa8815 Firmware
  • Wsa8815
  • Wsa8830 Firmware
  • Wsa8830
  • Wsa8832 Firmware
  • Wsa8832
  • Wsa8835 Firmware
  • Wsa8835
  • Wsa8840 Firmware
  • Wsa8840
  • Wsa8845 Firmware
  • Wsa8845
  • Wsa8845h Firmware
  • Wsa8845h
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qualcomm fastconnect_6200_firmware - / / / / / / /
h qualcomm fastconnect_6200 - / / / / / / /
o qualcomm fastconnect_6900_firmware - / / / / / / /
h qualcomm fastconnect_6900 - / / / / / / /
o qualcomm fastconnect_7800_firmware - / / / / / / /
h qualcomm fastconnect_7800 - / / / / / / /
o qualcomm qcm4325_firmware - / / / / / / /
h qualcomm qcm4325 - / / / / / / /
o qualcomm qcm8550_firmware - / / / / / / /
h qualcomm qcm8550 - / / / / / / /
o qualcomm sdm429w_firmware - / / / / / / /
h qualcomm sdm429w - / / / / / / /
o qualcomm sg4150p_firmware - / / / / / / /
h qualcomm sg4150p - / / / / / / /
o qualcomm sm4635_firmware - / / / / / / /
h qualcomm sm4635 - / / / / / / /
o qualcomm sm8550p_firmware - / / / / / / /
h qualcomm sm8550p - / / / / / / /
o qualcomm sm8635_firmware - / / / / / / /
h qualcomm sm8635 - / / / / / / /
o qualcomm sm8750_firmware - / / / / / / /
h qualcomm sm8750 - / / / / / / /
o qualcomm sm8750p_firmware - / / / / / / /
h qualcomm sm8750p - / / / / / / /
o qualcomm snapdragon_4_gen_1_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_4_gen_1_mobile_platform - / / / / / / /
o qualcomm snapdragon_429_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_429_mobile_platform - / / / / / / /
o qualcomm snapdragon_460_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_460_mobile_platform - / / / / / / /
o qualcomm snapdragon_480_5g_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_480_5g_mobile_platform - / / / / / / /
o qualcomm snapdragon_480\+_5g_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_480\+_5g_mobile_platform - / / / / / / /
o qualcomm snapdragon_662_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_662_mobile_platform - / / / / / / /
o qualcomm snapdragon_680_4g_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_680_4g_mobile_platform - / / / / / / /
o qualcomm snapdragon_685_4g_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_685_4g_mobile_platform - / / / / / / /
o qualcomm snapdragon_695_5g_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_695_5g_mobile_platform - / / / / / / /
o qualcomm snapdragon_8_gen_2_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_8_gen_2_mobile_platform - / / / / / / /
o qualcomm snapdragon_8_gen_3_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_8_gen_3_mobile_platform - / / / / / / /
o qualcomm snapdragon_8\+_gen_2_mobile_platform_firmware - / / / / / / /
h qualcomm snapdragon_8\+_gen_2_mobile_platform - / / / / / / /
o qualcomm vision_intelligence_400_platform_firmware - / / / / / / /
h qualcomm vision_intelligence_400_platform - / / / / / / /
o qualcomm wcd9335_firmware - / / / / / / /
h qualcomm wcd9335 - / / / / / / /
o qualcomm wcd9341_firmware - / / / / / / /
h qualcomm wcd9341 - / / / / / / /
o qualcomm wcd9370_firmware - / / / / / / /
h qualcomm wcd9370 - / / / / / / /
o qualcomm wcd9375_firmware - / / / / / / /
h qualcomm wcd9375 - / / / / / / /
o qualcomm wcd9378_firmware - / / / / / / /
h qualcomm wcd9378 - / / / / / / /
o qualcomm wcd9380_firmware - / / / / / / /
h qualcomm wcd9380 - / / / / / / /
o qualcomm wcd9385_firmware - / / / / / / /
h qualcomm wcd9385 - / / / / / / /
o qualcomm wcd9390_firmware - / / / / / / /
h qualcomm wcd9390 - / / / / / / /
o qualcomm wcd9395_firmware - / / / / / / /
h qualcomm wcd9395 - / / / / / / /
o qualcomm wcn3620_firmware - / / / / / / /
h qualcomm wcn3620 - / / / / / / /
o qualcomm wcn3660b_firmware - / / / / / / /
h qualcomm wcn3660b - / / / / / / /
o qualcomm wcn3950_firmware - / / / / / / /
h qualcomm wcn3950 - / / / / / / /
o qualcomm wcn3988_firmware - / / / / / / /
h qualcomm wcn3988 - / / / / / / /
o qualcomm wcn3990_firmware - / / / / / / /
h qualcomm wcn3990 - / / / / / / /
o qualcomm wcn6755_firmware - / / / / / / /
h qualcomm wcn6755 - / / / / / / /
o qualcomm wcn7860_firmware - / / / / / / /
h qualcomm wcn7860 - / / / / / / /
o qualcomm wcn7861_firmware - / / / / / / /
h qualcomm wcn7861 - / / / / / / /
o qualcomm wcn7880_firmware - / / / / / / /
h qualcomm wcn7880 - / / / / / / /
o qualcomm wcn7881_firmware - / / / / / / /
h qualcomm wcn7881 - / / / / / / /
o qualcomm wsa8810_firmware - / / / / / / /
h qualcomm wsa8810 - / / / / / / /
o qualcomm wsa8815_firmware - / / / / / / /
h qualcomm wsa8815 - / / / / / / /
o qualcomm wsa8830_firmware - / / / / / / /
h qualcomm wsa8830 - / / / / / / /
o qualcomm wsa8832_firmware - / / / / / / /
h qualcomm wsa8832 - / / / / / / /
o qualcomm wsa8835_firmware - / / / / / / /
h qualcomm wsa8835 - / / / / / / /
o qualcomm wsa8840_firmware - / / / / / / /
h qualcomm wsa8840 - / / / / / / /
o qualcomm wsa8845_firmware - / / / / / / /
h qualcomm wsa8845 - / / / / / / /
o qualcomm wsa8845h_firmware - / / / / / / /
h qualcomm wsa8845h - / / / / / / /

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html

Tags

CWE-787
CWE-121
product-security@qualcomm.com
2024-12-02
CVE-2024-43048

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Dec. 2, 2024, 11:15 a.m.
Last Modified: Dec. 12, 2024, 3:27 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.