Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Qualcomm releases raft of security patches, urges users to fix now

Qualcomm.

Qualcomm has released almost two dozen patches for different products, fixing, among other things, a vulnerability most likely being exploited by state-sponsored attackers.

The company's security advisory detailed 20 patches for vulnerabilities affecting different chipsets, including CVE-2024-43047, a high-severity (7.8 score) bug described as “memory corruption while maintaining memory maps of HLOS memory.”

The bug was said to be affecting Snapdragon 660 and above, 5G modems, and FastConnect 6700, 6800, 6900, and 7800 Wi-Fi/Bluetooth kits.

Multiple devices affected

Qualcomm stressed this bug had already been mentioned by Google’s Threat Analysis Group (TAG), the company’s security arm that usually analyzes zero-day vulnerabilities exploited by nation-states and other state-sponsored actors.

"There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation," the advisory reads. "Patches for the issue affecting the FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible."

Another notable mention from the batch is the patch for CVE-2024-33066, a vulnerability described as “memory corruption while redirecting log file to any file location with any file name.” It carries a severity score of 9.8 and is deemed critical. However, there is no evidence of abuse in the wild just yet.

Being a major chip manufacturer, Qualcomm is often the target of cybercriminals. Roughly a year ago, Qualcomm found multiple flaws in the Ardeno GPU and Compute DSP drivers (again, after being tipped off by Google’s TAG), which were used in “limited, targeted exploitation”. In that case, as well, it was said that the vulnerabilities were most likely abused by state-sponsored actors in espionage and data exfiltration attacks.

In both cases, Qualcomm urged its customers to apply the available patches as soon as possible.

Via The Register

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.