CVE-2024-43057

Q: What is the severity of CVE-2024-43057?

CVE-2024-43057 has a CVSS score of 7.8 (HIGH). CVE-2024-43057 is a use-after-free vulnerability in the Glink Linux driver that allows memory corruption when processing commands. This could enable local privilege escalation or denial of service attacks. Affected systems include Qualcomm-based devices running vulnerable Linux kernel versions.

7.8 HIGH

📋 TL;DR

CVE-2024-43057 is a use-after-free vulnerability in the Glink Linux driver that allows memory corruption when processing commands. This could enable local privilege escalation or denial of service attacks. Affected systems include Qualcomm-based devices running vulnerable Linux kernel versions.

💻 Affected Systems

Products:

Qualcomm chipsets with Glink Linux driver

Versions: Specific versions not detailed in reference; affected versions prior to March 2025 patches

Operating Systems: Linux kernels on Qualcomm-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects embedded systems, mobile devices, and IoT devices using Qualcomm chipsets with vulnerable Glink driver implementations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains kernel-level privileges, leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to execute arbitrary code with elevated permissions or cause system crashes.

🟢

If Mitigated

Limited to denial of service if proper isolation and privilege separation are implemented.

🌐 Internet-Facing: LOW (requires local access to exploit)

🏢 Internal Only: HIGH (local attackers on compromised systems can escalate privileges)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of memory layout; typical of use-after-free vulnerabilities in kernel drivers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches included in March 2025 Qualcomm security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for specific patch details. 2. Apply kernel/driver updates from device manufacturer. 3. Reboot system to load patched driver.

🔧 Temporary Workarounds

Restrict local user access

linux

Limit local shell access to trusted users only

Disable unnecessary Glink features

linux

If possible, disable unused Glink communication channels

🧯 If You Can't Patch

Implement strict access controls to prevent untrusted local users
Monitor for privilege escalation attempts and kernel crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel/driver version against Qualcomm security bulletin; examine dmesg for Glink driver version

Check Version:

uname -r && dmesg | grep -i glink

Verify Fix Applied:

Verify kernel/driver version matches patched version from manufacturer; check that March 2025 patches are applied

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Use-after-free warnings in kernel logs
Unexpected privilege escalation

Network Indicators:

None (local exploit only)

SIEM Query:

source="kernel" AND ("use-after-free" OR "glink" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2024-43057

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.04% exploit probability (9.7th percentile)

Published: March 3, 2025

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Fsm20055 Firmware by Qualcomm

Fsm20056 Firmware by Qualcomm

Immersive Home 214 Firmware by Qualcomm

Immersive Home 216 Firmware by Qualcomm

Immersive Home 316 Firmware by Qualcomm

Immersive Home 318 Firmware by Qualcomm

Immersive Home 3210 Firmware by Qualcomm

Immersive Home 326 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5300 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9048 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcf8000 Firmware by Qualcomm

Qcf8000sfp Firmware by Qualcomm

Qcf8001 Firmware by Qualcomm

Qcn5021 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5054 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn5154 Firmware by Qualcomm