CVE-2024-43050

7.8 HIGH

📋 TL;DR

A local attacker can trigger memory corruption in the Qualcomm WLAN host driver by issuing a crafted IOCTL on the driver's factory test command path. The driver runs in the kernel, so the outcome ranges from a crash (denial of service) to privilege escalation. Exploitation requires the ability to run code on the device already; the flaw is not reachable over the network.

💻 Affected Systems

Products:
  • Qualcomm WLAN chipsets and associated drivers
Versions: Not enumerated here; the Qualcomm bulletin lists affected chipsets, and each OEM maps those to the device firmware/driver builds that carry the fix
Operating Systems: Linux-based systems, Android, and other OS using Qualcomm WLAN drivers
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the handling of factory test commands in the WLAN driver's IOCTL interface. Factory test mode exists for manufacturing and RF calibration, but the command path is reachable in ordinary production builds, not only in test firmware, which is why the default configuration is affected.

📦 What is this software?

The Qualcomm WLAN host driver is the kernel-side driver that sits between the operating system's networking stack and the Wi-Fi firmware running on a Qualcomm chipset. OEMs ship it inside device kernels for Android phones and tablets and for Linux-based embedded, automotive and IoT platforms. Besides the standard cfg80211/nl80211 interface it exposes a vendor-private IOCTL interface on the wireless network interface, which includes factory test commands used for manufacturing calibration and RF testing; that interface is where this vulnerability lies.

⚠️ Risk & Real-World Impact

🔴 Worst Case

If the corruption is controllable, a local attacker gains code execution in the kernel: full compromise of the device, bypass of user-space sandboxing (for example Android app isolation), and a foothold for persistence below the OS.

🟠 Likely Case

Local denial of service: the driver crashes and the kernel panics, or Wi-Fi drops until the driver is reloaded. Recovery requires a reboot, which on headless or remote devices means physical or out-of-band console access.

🟢 If Mitigated

With the patched driver installed, or with the IOCTL interface confined so that only trusted, privileged processes can reach the wireless interface, exposure is limited to callers that are already privileged.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable from internet.
🏢 Internal Only: MEDIUM - Local attackers or compromised user accounts could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No (local code execution on the device is required)
Complexity: MEDIUM

Crafting the IOCTL requires knowledge of the driver's private command numbers and argument layout; turning the memory corruption into code execution additionally needs the usual kernel-exploitation work against KASLR, PAN/PXN and similar mitigations on ARM64 devices, whereas triggering a crash typically requires only reaching the command with malformed arguments.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: There is no single version; the bulletin lists affected chipsets and each OEM ships the fix in a device-specific driver/firmware update

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html

Restart Required: Yes. The fix is in a kernel driver, so it takes effect only when the driver is reloaded; OEM updates (Android OTA, firmware image) apply it with a reboot.

Instructions:

1. Check the Qualcomm advisory for affected chipsets and confirm which chipset your device uses.
2. Obtain the updated driver/firmware from the device manufacturer (OEMs, not Qualcomm, ship end-user updates).
3. Apply the update following the manufacturer's instructions and reboot.
4. Verify the driver version and, on Android, the security patch level after the update (see How to Verify).

🔧 Temporary Workarounds

Confine the IOCTL callers

Linux / Android

The driver's private IOCTLs are issued through a socket ioctl addressed to the wireless network interface (an ifreq naming, for example, wlan0), not through a character device, so changing the permissions of /dev/wlan does not block them; on qcacld-based Android builds a /dev/wlan node, where it exists, is the driver's on/off control file rather than the IOCTL path. What does reduce exposure:

  • Keep the interface under a privileged manager (wpa_supplicant, NetworkManager, the Android Wi-Fi HAL) and do not grant CAP_NET_ADMIN to untrusted users or containers. If the affected command is exposed through the wireless-extensions (iwpriv-style) path, note that the kernel demands CAP_NET_ADMIN only for "set"-type private IOCTLs; "get"-type calls are allowed to any process that can open a socket, so the capability check alone is not a complete barrier.
  • On Android, keep SELinux enforcing with the stock policy, which allowlists the socket ioctls app domains may issue; do not add ioctl allowxperm rules for untrusted app domains (check your vendor's policy for additions).
  • Where wireless is not needed (servers, kiosks, lab hosts), unload the WLAN module or blacklist it; this removes the code path entirely and is the only workaround that fully mitigates.

🧯 If You Can't Patch

  • Disable Wi-Fi or unload the WLAN driver on hosts that do not need wireless
  • Confine who can issue IOCTLs to the wireless interface: no CAP_NET_ADMIN for untrusted users or containers, SELinux enforcing on Android
  • Monitor kernel logs for WLAN driver crashes and rejected IOCTLs (see Detection & Monitoring) and treat a WLAN oops on a device with untrusted local users as a possible exploitation attempt, not just a driver bug

🔍 How to Verify

Check if Vulnerable:

Identify the loaded Qualcomm WLAN driver and its reported version, compare the chipset against the bulletin and the version against your OEM's fix release, and treat any build older than the OEM's fix as vulnerable: the factory test command path is present in ordinary builds, so no configuration makes it safe short of confining or removing the driver. Do not probe the factory test IOCTLs on a production device to "test" reachability; a malformed command is exactly what crashes the kernel.

Check Version:

modinfo wlan | grep -i version
dmesg | grep -i qualcomm

The module is named wlan on qcacld-based Android builds; on mainline kernels the Qualcomm drivers are ath10k, ath11k, ath12k or wcn36xx, so substitute the module name accordingly. A driver built into the kernel image has no module to query, in which case the dmesg banner is the only version source.

Verify Fix Applied:

Confirm that the updated driver version, or on Android the security patch level, matches the level your OEM tied to the fix; for source-built kernels, confirm the driver tree contains the bulletin's fix. Functional testing of the factory test IOCTL path belongs on a lab device, not on production hardware.
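A script that performs the checks above on a device, added here as an example; it is not Qualcomm's, an OEM's or the advisory's tooling. It lists Qualcomm WLAN modules from /proc/modules, prints what modinfo reports for each, and on Android compares ro.build.version.security_patch with a required level. The module-name list and the REQUIRED_PATCH_LEVEL default of 2024-12-05 are assumptions: set the level to the one your OEM's release notes associate with the December 2024 bulletin.

```shell
#!/bin/sh
# check_qcom_wlan.sh: which Qualcomm WLAN driver is loaded, what does it report,
# and is this Android build at a patch level that includes the fix?
# Added example for this advisory, not Qualcomm's or an OEM's tooling.
# Assumptions (adjust to your fleet):
#  - Module names: qcacld builds load as "wlan" or "qca_cld3_<target>"; the
#    upstream Qualcomm drivers are ath10k/ath11k/ath12k and wcn36xx. A driver
#    built into the kernel image does not appear in /proc/modules at all.
#  - REQUIRED_PATCH_LEVEL is a placeholder: set it to the patch level your
#    OEM's release notes tie to the December 2024 Qualcomm bulletin.
REQUIRED_PATCH_LEVEL="${REQUIRED_PATCH_LEVEL:-2024-12-05}"

# Read /proc/modules-style text on stdin, print the Qualcomm WLAN module names.
qcom_wlan_modules() {
    awk '$1 ~ /^(wlan|qca_cld[0-9]*_[A-Za-z0-9_]*|ath1[012]k[a-z_]*|wcn36xx)$/ { print $1 }'
}

# Exit 0 when patch level $1 is at or after $2 (ISO dates compare lexically;
# an empty or malformed level compares as older, i.e. "assume vulnerable").
patch_level_at_least() {
    awk -v have="$1" -v need="$2" 'BEGIN { exit !(have >= need) }'
}

main() {
    if [ -r /proc/modules ]; then
        mods=$(qcom_wlan_modules < /proc/modules)
        if [ -z "$mods" ]; then
            echo "no Qualcomm WLAN module listed in /proc/modules"
        fi
        for m in $mods; do
            echo "loaded module: $m"
            # version/srcversion identify the driver build, vermagic the kernel it was built for
            if command -v modinfo >/dev/null 2>&1; then
                modinfo "$m" 2>/dev/null | grep -iE '^(version|srcversion|vermagic):'
            fi
        done
    fi
    # Android only: getprop exists there, not on a generic Linux host.
    if command -v getprop >/dev/null 2>&1; then
        level=$(getprop ro.build.version.security_patch)
        if patch_level_at_least "$level" "$REQUIRED_PATCH_LEVEL"; then
            echo "security patch level $level: at or past $REQUIRED_PATCH_LEVEL"
        else
            echo "security patch level $level: older than $REQUIRED_PATCH_LEVEL, assume vulnerable"
        fi
    fi
    return 0
}

main "$@"
```

Run it as root on the device (adb shell on Android). A patch level at or past the required one tells you the OEM build includes the bulletin's fixes; it does not by itself prove the WLAN driver binary was rebuilt, so on source-built kernels also confirm the driver tree carries the fix.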

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops or panic reports whose backtrace frames are in the WLAN driver (module tag such as [wlan] on qcacld builds)
  • WLAN driver messages about private/IOCTL commands with unexpected arguments or from unexpected callers (exact wording is driver-version specific)
  • Repeated driver crash-and-recover cycles (firmware subsystem restart) on a device with untrusted local users

Network Indicators:

  • None specific to this flaw; exploitation is local. The network-visible symptom of a crash loop is a device that repeatedly drops off Wi-Fi and reappears after reboots.

SIEM Query:

source="kernel" AND ("wlan" OR "hdd_" OR "cnss") AND ("panic" OR "oops" OR "Unable to handle kernel" OR "ioctl")
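A kernel-log scanner for the indicators above, added as an example; it is not from the advisory or Qualcomm. It reads dmesg-style lines, tracks multi-line oops reports, and flags WLAN-driver frames inside them and ioctl-related WLAN messages outside them. The sample lines in sample_log are constructed for the demo and the symbol name ftm_cmd_handler is hypothetical; real driver message text varies by version, so adapt the patterns to what your builds log.

```shell
#!/bin/sh
# Kernel-log triage for this advisory's indicators. Added example, not from the
# advisory or Qualcomm; the lines in sample_log are constructed for the demo
# (symbol names such as ftm_cmd_handler are hypothetical), not captured output.
#
# Two things are flagged:
#   CRASH  a frame or message inside a kernel oops/panic report that names the
#          WLAN stack (wlan, hdd_, cnss, ath1Xk, wcn36xx). Oops reports span
#          many lines, so the scanner opens a window at the report header and
#          closes it at "end trace" / "Rebooting in".
#   IOCTL  a WLAN driver message mentioning an ioctl outside a crash report,
#          e.g. a rejected private command; the exact wording is driver-specific.
scan_wlan_kernel_log() {
    awk '
    {
        l = tolower($0)
        if (l ~ /kernel panic|unable to handle kernel|general protection|kasan:|bug: /) {
            in_oops = 40      # report header: treat the next 40 lines as part of it
        }
        wlan = (l ~ /wlan|hdd_|cnss|ath1[012]k|wcn36xx/)
        if (in_oops > 0) {
            in_oops--
            if (wlan) print "CRASH " $0
        } else if (wlan && l ~ /ioctl/) {
            print "IOCTL " $0
        }
        if (l ~ /end trace|rebooting in/) in_oops = 0
    }'
}

# Constructed sample: an ioctl rejection, then an oops whose frames are in the
# WLAN module, then a panic and reboot, then unrelated lines from the next boot.
sample_log() {
    cat <<'EOF'
[  812.101] wlan: hdd_ioctl: private ioctl 0x8be2 rejected for pid 4211
[  812.102] Unable to handle kernel paging request at virtual address 0000000000000dead
[  812.103] pc : ftm_cmd_handler+0x1c4/0x300 [wlan]
[  812.104] lr : hdd_ioctl+0x88/0x140 [wlan]
[  812.105] ---[ end trace 0000000000000000 ]---
[  812.106] Kernel panic - not syncing: Fatal exception
[  812.107] Rebooting in 5 seconds..
[    0.000] Booting Linux on physical CPU 0x0000000000 [0x412fd050]
[    9.513] wlan: driver loaded
[   11.208] EXT4-fs (sda1): mounted filesystem with ordered data mode
EOF
}

# Demo run on the constructed sample. On a device use:  dmesg | scan_wlan_kernel_log
sample_log | scan_wlan_kernel_log
```

On the sample this prints one IOCTL line and two CRASH lines (the pc and lr frames), and nothing for the post-reboot "driver loaded" message. Pipe dmesg into scan_wlan_kernel_log on a real host, or logcat -b kernel on Android builds that expose the kernel buffer; both usually need root. Any CRASH hit on a device with untrusted local users deserves the full oops text and the process that last touched the interface.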

🔗 References

  • Qualcomm Product Security Bulletin, December 2024: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html