Qualcomm releases raft of security patches, urges users to fix now

Chipmaker unveils fixes for 20 flaws

· TechRadar

News By Sead Fadilpašić published 9 October 2024

Image credit: Shutterstock (Image credit: Shutterstock)

Qualcomm has released almost two dozen patches for different products, fixing, among other things, a vulnerability most likely being exploited by state-sponsored attackers.

The company's security advisory detailed 20 patches for vulnerabilities affecting different chipsets, including CVE-2024-43047, a high-severity (7.8 score) bug described as “memory corruption while maintaining memory maps of HLOS memory.”

The bug was said to be affecting Snapdragon 660 and above, 5G modems, and FastConnect 6700, 6800, 6900, and 7800 Wi-Fi/Bluetooth kits.

Multiple devices affected

Qualcomm stressed this bug had already been mentioned by Google’s Threat Analysis Group (TAG), the company’s security arm that usually analyzes zero-day vulnerabilities exploited by nation-states and other state-sponsored actors.

"There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation," the advisory reads. "Patches for the issue affecting the FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible."

Another notable mention from the batch is the patch for CVE-2024-33066, a vulnerability described as “memory corruption while redirecting log file to any file location with any file name.” It carries a severity score of 9.8 and is deemed critical. However, there is no evidence of abuse in the wild just yet.

Being a major chip manufacturer, Qualcomm is often the target of cybercriminals. Roughly a year ago, Qualcomm found multiple flaws in the Ardeno GPU and Compute DSP drivers (again, after being tipped off by Google’s TAG), which were used in “limited, targeted exploitation”. In that case, as well, it was said that the vulnerabilities were most likely abused by state-sponsored actors in espionage and data exfiltration attacks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors