CVE-2024-21468

Q: What is the severity of CVE-2024-21468?

CVE-2024-21468 has a CVSS score of 8.4 (HIGH). CVE-2024-21468 is a use-after-free vulnerability in Qualcomm GPU drivers where failed memory unmapping operations can lead to memory corruption. This allows attackers to potentially execute arbitrary code or cause denial of service. Affected systems include devices with Qualcomm Adreno GPUs across mobile, automotive, and IoT platforms.

8.4 HIGH

📋 TL;DR

CVE-2024-21468 is a use-after-free vulnerability in Qualcomm GPU drivers where failed memory unmapping operations can lead to memory corruption. This allows attackers to potentially execute arbitrary code or cause denial of service. Affected systems include devices with Qualcomm Adreno GPUs across mobile, automotive, and IoT platforms.

💻 Affected Systems

Products:

Qualcomm Adreno GPU-based devices
Snapdragon mobile platforms
Automotive platforms with Qualcomm GPUs

Versions: Multiple Qualcomm chipset versions prior to April 2024 security updates

Operating Systems: Android, Linux-based systems with Qualcomm drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm GPU driver versions. Specific chipset models listed in Qualcomm's April 2024 security bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level code execution, allowing complete device control, data theft, and persistence.

🟠

Likely Case

Application crashes, system instability, or limited privilege escalation within the GPU context.

🟢

If Mitigated

Contained crashes or instability without privilege escalation if proper sandboxing and memory protections are enforced.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access and specific GPU operations. No public exploits known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: April 2024 security updates from Qualcomm and device manufacturers

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for available security updates. 2. Apply April 2024 or later security patches. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Restrict GPU access

all

Limit applications with GPU access to trusted sources only

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Implement strict application allowlisting to prevent malicious GPU operations

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in settings (Android: Settings > About phone > Android version > Security patch level)

Check Version:

Android: adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level is April 2024 or later

📡 Detection & Monitoring

Log Indicators:

GPU driver crashes
Memory corruption errors in kernel logs
Application crashes with GPU-related errors

SIEM Query:

source="kernel" AND ("GPU" OR "Adreno") AND ("crash" OR "corruption" OR "use-after-free")

📊 Metadata

CVE ID: CVE-2024-21468

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: April 1, 2024

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html Patch,Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

205 Mobile Firmware by Qualcomm

215 Mobile Firmware by Qualcomm

315 5g Iot Modem Firmware by Qualcomm

9206 Lte Modem Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Firmware by Qualcomm

Home Hub 100 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8108 Firmware by Qualcomm

Msm8209 Firmware by Qualcomm

Msm8608 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6174 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9379 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8155 Firmware by Qualcomm