CVE-2024-43052

Q: What is the severity of CVE-2024-43052?

CVE-2024-43052 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in Qualcomm NPU (Neural Processing Unit) drivers when processing API calls with invalid input. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm chipsets with NPU capabilities.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm NPU (Neural Processing Unit) drivers when processing API calls with invalid input. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm chipsets with NPU capabilities.

💻 Affected Systems

Products:

Qualcomm chipsets with NPU capabilities

Versions: Specific affected versions not publicly detailed in bulletin

Operating Systems: Android, Linux-based systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm NPU hardware. Exact chipset models not specified in public bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise

🟠

Likely Case

Local privilege escalation or denial of service affecting NPU functionality

🟢

If Mitigated

Limited impact with proper input validation and memory protections

🌐 Internet-Facing: LOW (requires local access or malicious app installation)

🏢 Internal Only: MEDIUM (could be exploited by malicious apps or local attackers)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to make API calls to NPU driver with crafted input. Likely requires local access or malicious app.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm December 2024 security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update.

🔧 Temporary Workarounds

Restrict NPU API access

Android/Linux

Limit which applications can access NPU APIs through SELinux/AppArmor policies

🧯 If You Can't Patch

Implement strict application vetting and sandboxing
Monitor for unusual NPU API usage patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm security bulletin

Check Version:

Device-specific (e.g., Android: Settings > About phone > Build number)

Verify Fix Applied:

Verify firmware version includes December 2024 or later security patches

📡 Detection & Monitoring

Log Indicators:

Kernel crashes related to NPU driver
Unusual NPU API call patterns

Network Indicators:

Not network exploitable

SIEM Query:

Search for kernel panic events or NPU driver exceptions

📊 Metadata

CVE ID: CVE-2024-43052

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: December 2, 2024

Last Updated: December 12, 2024

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

205 Mobile Platform Firmware by Qualcomm

215 Mobile Platform Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8037 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Home Hub 100 Platform Firmware by Qualcomm

Msm8108 Firmware by Qualcomm

Msm8209 Firmware by Qualcomm

Msm8608 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Pm8937 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca9379 Firmware by Qualcomm

Qcm2150 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qet4101 Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Qsw8573 Firmware by Qualcomm

Sc8380xp Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Smart Audio 200 Platform Firmware by Qualcomm

Snapdragon 208 Processor Firmware by Qualcomm

Snapdragon 210 Processor Firmware by Qualcomm

Snapdragon 212 Mobile Platform Firmware by Qualcomm

Snapdragon 425 Mobile Platform Firmware by Qualcomm

Snapdragon 427 Mobile Platform Firmware by Qualcomm

Snapdragon 429 Mobile Platform Firmware by Qualcomm

Snapdragon 430 Mobile Platform Firmware by Qualcomm

Snapdragon 435 Mobile Platform Firmware by Qualcomm

Snapdragon 439 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

Snapdragon 870 5g Mobile Platform Firmware by Qualcomm

Snapdragon Wear 2100 Platform Firmware by Qualcomm

Snapdragon Wear 2500 Platform Firmware by Qualcomm

Snapdragon Wear 3100 Platform Firmware by Qualcomm

Snapdragon Wear 4100\+ Platform Firmware by Qualcomm

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

Snapdragon Xr2 5g Platform Firmware by Qualcomm

Snapdragon Xr2\+ Gen 1 Platform Firmware by Qualcomm

Sxr2130 Firmware by Qualcomm

Video Collaboration Vc5 Platform Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3615 Firmware by Qualcomm

Wcn3620 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680 Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm