CVE-2024-43048

Q: What is the severity of CVE-2024-43048?

CVE-2024-43048 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption when invalid input is passed to the GPU Headroom API call in Qualcomm components. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices using vulnerable Qualcomm GPU drivers.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption when invalid input is passed to the GPU Headroom API call in Qualcomm components. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices using vulnerable Qualcomm GPU drivers.

💻 Affected Systems

Products:

Qualcomm GPU drivers
Devices with Qualcomm Adreno GPUs

Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected versions

Operating Systems: Android, Linux-based systems with Qualcomm GPU support

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems where GPU Headroom API is accessible to applications

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Application crash or denial of service affecting GPU functionality

🟢

If Mitigated

Contained crash within the GPU driver process without system-wide impact

🌐 Internet-Facing: MEDIUM - Requires specific API calls but could be triggered through malicious apps

🏢 Internal Only: MEDIUM - Local applications could exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to call GPU Headroom API with crafted input; likely requires local application execution

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm December 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html

Restart Required: No

Instructions:

1. Check Qualcomm advisory for affected chipset/device 2. Obtain updated GPU driver from device manufacturer 3. Apply driver update through standard system update process

🔧 Temporary Workarounds

Restrict GPU API access

Android/Linux

Limit which applications can access GPU Headroom API through SELinux/AppArmor policies

🧯 If You Can't Patch

Implement strict application vetting and sandboxing
Monitor for abnormal GPU driver crashes or memory usage patterns

🔍 How to Verify

Check if Vulnerable:

Check device chipset against Qualcomm advisory and verify GPU driver version

Check Version:

adb shell dumpsys gpu (Android) or check /sys/class/kgsl/kgsl-3d0/version (Linux)

Verify Fix Applied:

Verify GPU driver version matches patched version in Qualcomm bulletin

📡 Detection & Monitoring

Log Indicators:

GPU driver crashes
Memory corruption errors in kernel logs
Abnormal GPU API calls

Network Indicators:

Unusual outbound connections following GPU driver crashes

SIEM Query:

source="kernel" AND ("GPU" OR "kgsl") AND ("crash" OR "corruption" OR "panic")

📊 Metadata

CVE ID: CVE-2024-43048

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: December 2, 2024

Last Updated: December 12, 2024

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sm4635 Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 429 Mobile Platform Firmware by Qualcomm

Snapdragon 460 Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 662 Mobile Platform Firmware by Qualcomm

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

Snapdragon 685 4g Mobile Platform Firmware by Qualcomm

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

Vision Intelligence 400 Platform Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9378 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3620 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3990 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wcn7860 Firmware by Qualcomm

Wcn7861 Firmware by Qualcomm

Wcn7880 Firmware by Qualcomm

Wcn7881 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm