What is the Qualcomm DSP FastRPC Driver?
Qualcomm's Digital Signal Processor (DSP) is a dedicated processor integrated into Qualcomm Snapdragon SoCs that handles compute-intensive workloads like audio processing, image signal processing (ISP), and machine learning inference. The FastRPC (Fast Remote Procedure Call) driver enables communication between the application processor (running Linux/Android) and the DSP, managing memory mappings and inter-processor calls. The FastRPC driver runs as part of the Linux kernel and maintains memory maps of HLOS (High Level OS) memory for use by DSP processes — making it a privileged kernel component accessible from user-space applications that use Qualcomm DSP capabilities.
Overview
CVE-2024-43047 is a use-after-free vulnerability in the Qualcomm DSP Services FastRPC driver that corrupts memory while the driver maintains memory maps of HLOS memory. A local, low-privileged attacker who can interact with DSP services can trigger the use-after-free, leading to kernel memory corruption and potentially privilege escalation to the kernel level. Qualcomm's October 2024 bulletin acknowledged "limited, targeted exploitation", language confirmed to mean active zero-day use. CISA added it to the KEV catalog one day after the bulletin, reflecting the confirmed exploitation. Google's Threat Analysis Group (TAG) and Amnesty International's Security Lab both independently confirmed in-the-wild exploitation.
Affected Versions
Qualcomm identified the following chipsets as affected:
| Chipset Family | Examples |
|---|---|
| Snapdragon 8 Gen 1/2/3 | Flagship Android phones |
| Snapdragon 695, 778G, 888 | Mid-range Android phones |
| FastConnect 6900, 7800 | Wi-Fi/Bluetooth subsystems |
| Multiple automotive / IoT chipsets | Various embedded applications |
Check Qualcomm's October 2024 security bulletin for the complete affected chipset list. OEM-specific patches depend on Android device vendor update cadence.
Technical Details
CWE-416 (Use-After-Free). The FastRPC driver maintains memory maps linking HLOS memory regions to DSP-accessible memory. A flaw in the driver's memory management causes a reference to a freed memory region to be retained and later accessed — the classic use-after-free pattern. When the stale pointer is dereferenced, the attacker can read or write the freed memory region, which the kernel allocator may have repurposed for another object. Controlled UAF reads/writes in kernel memory provide the primitives needed to escalate from user space to kernel code execution.
On Android, kernel code execution bypasses the Android sandbox and provides complete control over the device, including access to all data, all running processes, and all hardware interfaces.
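The lifetime rule that this bug class violates, as an added example: a simplified, single-threaded model written for this page, not the FastRPC driver's code. The names `map_entry`, `map_get`, `map_put` and `map_unmap` are hypothetical, the address is a constructed sample, and real kernel code would also need locking around the table.

```c
#include <stdlib.h>

/* Hypothetical record of one mapped buffer; not the FastRPC driver's struct. */
struct map_entry { int refs; unsigned long va; };
static struct map_entry *table[4];  /* toy map table */
static int live_entries;            /* allocations not yet freed */

static struct map_entry *map_create(int slot, unsigned long va) {
    struct map_entry *m = calloc(1, sizeof(*m));
    if (!m) return NULL;
    m->refs = 1; m->va = va;        /* refs = 1 is the table's own reference */
    table[slot] = m;
    live_entries++;
    return m;
}

/* Lookup hands out a counted reference, never a bare pointer. */
static struct map_entry *map_get(int slot) {
    struct map_entry *m = table[slot];
    if (m) m->refs++;
    return m;
}

/* Drop a reference; only the last holder releases the memory. */
static void map_put(struct map_entry *m) {
    if (m && --m->refs == 0) { free(m); live_entries--; }
}

/* Unmap unlinks the entry and drops the table's reference. The CWE-416
 * pattern is calling free(m) here unconditionally while another path
 * still holds a pointer from an earlier lookup. */
static void map_unmap(int slot) {
    struct map_entry *m = table[slot];
    if (!m) return;
    table[slot] = NULL;
    map_put(m);
}

/* Returns 1 if a holder can still read the entry after a racing unmap. */
static int demo_unmap_during_use(void) {
    map_create(0, 0x1000UL);                 /* constructed sample address */
    struct map_entry *user = map_get(0);     /* in-flight call takes a ref */
    if (!user) return 0;
    map_unmap(0);                            /* unmap arrives mid-call */
    int ok = user->va == 0x1000UL && live_entries == 1 && !map_get(0);
    map_put(user);                           /* last reference: freed now */
    return ok && live_entries == 0;
}

int main(void) { return demo_unmap_during_use() ? 0 : 1; }
```

The entry stays allocated until the in-flight holder calls `map_put`, so the allocator cannot hand its memory to another object while a pointer to it is still in use.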
Discovery
The vulnerability was confirmed by Google's Threat Analysis Group (TAG) and Amnesty International's Security Lab, who disclosed that they had observed it being exploited in targeted attacks. TAG and Amnesty International are the primary organizations tracking commercial spyware vendors (Pegasus, Predator, Graphite, etc.) and nation-state actors who deploy mobile exploit chains against journalists, activists, and government officials.
Exploitation Context
The confirmation by Google TAG and Amnesty International places this vulnerability in the context of commercial spyware or nation-state targeted attack campaigns — consistent with the "limited, targeted exploitation" characterization. Qualcomm SoCs power the majority of Android flagship and mid-range smartphones globally, making kernel vulnerabilities in Snapdragon DSP drivers a high-value target for mobile surveillance operators. The DSP attack surface is particularly attractive because it is less scrutinized by security researchers than the main application processor kernel path.
Remediation
- Apply Android security updates from your device manufacturer that include Qualcomm's October 2024 security bulletin patches.
- For Google Pixel devices: apply the October 2024 or later security patch level.
- For Samsung Galaxy, OnePlus, Xiaomi, and other OEM devices: apply manufacturer security updates as they are released — update availability and timing vary by OEM and region.
- Monitor OEM security bulletins for Qualcomm component fixes included in device updates.
- High-risk individuals (journalists, activists, government officials, executives) should consider using devices with timely security update delivery (Google Pixel) and enabling additional protections where available.
Key Details
| Property | Value |
|---|---|
| CVE ID | CVE-2024-43047 |
| Vendor / Product | Qualcomm — Multiple Chipsets |
| NVD Published | 2024-10-07 |
| NVD Last Modified | 2025-10-28 |
| CVSS 3.1 Score | 7.8 |
| CVSS 3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Severity | HIGH |
| CWE | CWE-416 |
| CISA KEV Added | 2024-10-08 |
| CISA KEV Deadline | 2024-10-29 |
| Known Ransomware Use | No |
Timeline
| Date | Event |
|---|---|
| 2024-10-07 | Qualcomm publishes October 2024 security bulletin acknowledging limited, targeted exploitation; CVE published |
| 2024-10-08 | Added to CISA Known Exploited Vulnerabilities catalog |
| 2024-10-29 | CISA BOD 22-01 remediation deadline |
References
| Resource | Type |
|---|---|
| Qualcomm DSP Kernel — Fix Commit for CVE-2024-43047 | Vendor Advisory |
| NVD — CVE-2024-43047 | Vulnerability Database |
| CISA KEV Catalog Entry | US Government |