Qualcomm Addresses High-Risk Zero-Day Vulnerability in DSP Service

October 7, 2024

Qualcomm has rolled out security patches for a zero-day vulnerability in its Digital Signal Processor (DSP) service, which affects a multitude of chipsets. The vulnerability, designated as CVE-2024-43047, was reported by Seth Jenkins of Google Project Zero and Conghui Wang of Amnesty International Security Lab. This security flaw stems from a use-after-free vulnerability that could lead to memory corruption if successfully exploited by local attackers possessing low privileges.

The company explained the technical details of the vulnerability in a DSP kernel commit. The DSP updates header buffers with the FDs of DMA handles it no longer needs. In the put_args path, if any DMA handle FDs are present in the header buffer, the corresponding map is freed. However, because the header buffer is exposed to users in the unsigned PD, a user can overwrite those entries with invalid FDs. If such an FD matches one that is still in use, the live map is freed while references to it remain, leading to a use-after-free (UAF).
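The paragraph above describes a trust-boundary mistake: a free decision is driven by FD values held in a buffer the user can write. The following C model, added here and not taken from Qualcomm's FASTRPC driver, shows that pattern beside a hardened form that only honours FDs the kernel itself recorded for the call. All names (`fastrpc_ctx`, `put_args_vulnerable`, `put_args_hardened`, `kernel_fds`) are hypothetical, the mapping table is a constructed toy, and "dangling" is tracked with a flag rather than real memory.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MAPS 8
#define HDR_FDS  4

/* Constructed model of a DMA mapping table; this is not the FASTRPC code. */
struct dma_map {
    int fd;       /* -1 when the slot is empty */
    int live;     /* 1 while a caller still references the buffer */
    int frees;    /* how many times this slot has been freed */
};

/* Header buffer as the model assumes it: writable by the unsigned PD user. */
struct header_buf {
    int unused_fds[HDR_FDS];   /* fds the DSP reports as no longer needed, -1 = none */
};

struct fastrpc_ctx {               /* hypothetical name */
    struct dma_map maps[MAX_MAPS];
    struct header_buf hdr;         /* user-visible, therefore untrusted */
    int kernel_fds[HDR_FDS];       /* fds the kernel itself handed to the DSP for this call */
    int nkernel;
};

static void ctx_init(struct fastrpc_ctx *c)
{
    memset(c, 0, sizeof(*c));
    for (int i = 0; i < MAX_MAPS; i++) c->maps[i].fd = -1;
    for (int i = 0; i < HDR_FDS; i++) { c->hdr.unused_fds[i] = -1; c->kernel_fds[i] = -1; }
}

static int map_alloc(struct fastrpc_ctx *c, int fd, int live)
{
    if (fd < 0 || fd >= MAX_MAPS) return -1;
    c->maps[fd].fd = fd;
    c->maps[fd].live = live;
    c->maps[fd].frees = 0;
    return 0;
}

/* Frees the mapping behind fd; returns 1 if a mapping was freed, 0 otherwise. */
static int map_free(struct fastrpc_ctx *c, int fd)
{
    if (fd < 0 || fd >= MAX_MAPS || c->maps[fd].fd < 0) return 0;
    c->maps[fd].frees++;
    c->maps[fd].fd = -1;   /* slot is gone: any remaining reference now dangles */
    return 1;
}

/* Vulnerable pattern: trust whatever fds sit in the user-visible header. */
static int put_args_vulnerable(struct fastrpc_ctx *c)
{
    int freed = 0;
    for (int i = 0; i < HDR_FDS; i++)
        if (c->hdr.unused_fds[i] >= 0)
            freed += map_free(c, c->hdr.unused_fds[i]);
    return freed;
}

static int kernel_recorded(const struct fastrpc_ctx *c, int fd)
{
    for (int i = 0; i < c->nkernel; i++)
        if (c->kernel_fds[i] == fd) return 1;
    return 0;
}

/* Hardened pattern: a header fd is honoured only if the kernel's own record
 * shows it was handed to the DSP for this call; anything else is rejected. */
static int put_args_hardened(struct fastrpc_ctx *c, int *rejected)
{
    int freed = 0;
    *rejected = 0;
    for (int i = 0; i < HDR_FDS; i++) {
        int fd = c->hdr.unused_fds[i];
        if (fd < 0) continue;
        if (!kernel_recorded(c, fd)) { (*rejected)++; continue; }
        freed += map_free(c, fd);
    }
    return freed;
}

/* A reference is dangling when the caller still holds it but the slot was freed. */
static int map_dangling(const struct fastrpc_ctx *c, int fd)
{
    return fd >= 0 && fd < MAX_MAPS && c->maps[fd].live && c->maps[fd].fd < 0;
}

/* Constructed scenario: fd 5 really is unused, fd 3 is still referenced by the
 * caller, and the user rewrites the header so it also names fd 3.  Returns the
 * number of dangling references left behind by the chosen put_args variant. */
static int run_scenario(int hardened, int *rejected)
{
    struct fastrpc_ctx c;
    ctx_init(&c);
    map_alloc(&c, 3, 1);
    map_alloc(&c, 5, 0);
    c.kernel_fds[0] = 5; c.nkernel = 1;   /* what the kernel actually passed down */
    c.hdr.unused_fds[0] = 5;
    c.hdr.unused_fds[1] = 3;              /* tampered entry from the unsigned PD */
    *rejected = 0;
    if (hardened) put_args_hardened(&c, rejected);
    else          put_args_vulnerable(&c);
    return map_dangling(&c, 3) + map_dangling(&c, 5);
}

int main(void)
{
    int rej;
    printf("vulnerable: %d dangling\n", run_scenario(0, &rej));
    printf("hardened:   %d dangling, %d header fd(s) rejected\n", run_scenario(1, &rej), rej);
    return 0;
}
```

The point of the hardened variant is that the kernel keeps its own list of the DMA handle FDs it passed to the DSP and validates the header against that list, so a user-writable buffer can no longer select which map gets freed. Reviewers auditing similar drivers should look for any free or unmap decision keyed on data in a buffer that is shared with a less-trusted domain.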

In a security advisory issued on Monday, Qualcomm warned that the vulnerability had been exploited in the wild. Both Google's Threat Analysis Group and Amnesty International Security Lab, known for uncovering zero-day bugs used in spyware attacks targeting high-risk individuals, confirmed this. Qualcomm stated, 'There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation.'

The company has made patches for the issue affecting the FASTRPC driver available to OEMs and strongly recommends deploying the update on affected devices as soon as possible. Qualcomm also advised users to get in touch with their device manufacturer for more information about the patch status of their specific devices.

Today, Qualcomm also addressed another high-severity flaw (CVE-2024-33066) in the WLAN Resource Manager, which was reported over a year ago. This flaw, caused by improper input validation, could also lead to memory corruption.

Qualcomm has previously warned about exploitation of three zero-day vulnerabilities in its GPU and Compute DSP drivers. According to Google's Threat Analysis Group (TAG) and Project Zero teams, these were used for limited, targeted exploitation. Further details on these attacks are yet to be released by Google and Qualcomm.

Over the years, Qualcomm has also patched chipset vulnerabilities that could enable attackers to access users' media files, text messages, call history, and real-time conversations. The company has fixed issues in its Snapdragon Digital Signal Processor (DSP) chip that could allow hackers to take control of smartphones, spy on users, and create undetectable malware. Qualcomm also addressed a vulnerability in 2020, known as KrØØk, which allowed attackers to decrypt some WPA2-encrypted wireless network packets. Another now-fixed bug granted access to critical data.
