CVE DATABASE / CVE-2024-43047
CVE-2024-43047
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVSS 7.8 · HIGH
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2024-10-08.
Federal remediation due 2024-10-29.
Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Summary
Memory corruption while maintaining memory maps of HLOS memory.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Qualcomm fastconnect 6700 firmwareQualcomm fastconnect 6700Qualcomm fastconnect 6800 firmwareQualcomm fastconnect 6800Qualcomm fastconnect 6900 firmwareQualcomm fastconnect 6900Qualcomm fastconnect 7800 firmwareQualcomm fastconnect 7800Qualcomm qam8295p firmwareQualcomm qam8295pQualcomm qca6174a firmwareQualcomm qca6174aQualcomm qca6391 firmwareQualcomm qca6391Qualcomm qca6426 firmwareQualcomm qca6426Qualcomm qca6436 firmwareQualcomm qca6436Qualcomm qca6574au firmwareQualcomm qca6574au
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43047
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-28. Always verify against the vendor advisory before acting.