CVE-2024-43066

Q: What is the severity of CVE-2024-43066?

CVE-2024-43066 has a CVSS score of 7.8 (HIGH). This CVE describes a use-after-free vulnerability (CWE-416) in Qualcomm components that occurs during file descriptor handling in listener registration/deregistration processes. Successful exploitation could allow local attackers to execute arbitrary code or cause denial of service. This affects devices using vulnerable Qualcomm chipsets and drivers.

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability (CWE-416) in Qualcomm components that occurs during file descriptor handling in listener registration/deregistration processes. Successful exploitation could allow local attackers to execute arbitrary code or cause denial of service. This affects devices using vulnerable Qualcomm chipsets and drivers.

💻 Affected Systems

Products:

Qualcomm chipsets and associated drivers/firmware

Versions: Specific versions not detailed in provided reference; consult Qualcomm advisory for exact affected versions.

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with vulnerable Qualcomm components; exact configurations depend on chipset and driver versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to complete system compromise and persistent access.

🟠

Likely Case

Local denial of service (system crash/reboot) or limited privilege escalation within the affected process context.

🟢

If Mitigated

System remains stable with no privilege escalation if proper access controls and exploit mitigations are in place.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local access to the system.

🏢 Internal Only: HIGH - Local attackers or malicious insiders could exploit this to gain elevated privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of memory layout; no public exploit code is currently known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm April 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected components. 2. Obtain updated firmware/drivers from device manufacturer. 3. Apply patches according to manufacturer instructions. 4. Reboot system to activate fixes.

🔧 Temporary Workarounds

Restrict local access

all

Limit local user access to systems with vulnerable Qualcomm components

Enable exploit mitigations

linux

Enable ASLR, stack canaries, and other memory protection mechanisms

echo 2 > /proc/sys/kernel/randomize_va_space

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges
Monitor systems for unusual process behavior or crash events

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm chipset/driver versions against advisory; examine system logs for related crashes

Check Version:

cat /proc/cpuinfo | grep -i qualcomm && dmesg | grep -i qualcomm

Verify Fix Applied:

Verify updated Qualcomm component versions match patched versions in advisory

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Use-after-free error messages in dmesg
Process crashes related to Qualcomm drivers

Network Indicators:

None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("use-after-free" OR "qualcomm" AND "panic")

📊 Metadata

CVE ID: CVE-2024-43066

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.07% exploit probability (20.9th percentile)

Published: April 7, 2025

Last Updated: October 6, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qualcomm 205 Mobile Platform Firmware by Qualcomm

Robotics Rb3 Platform Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm6370 Firmware by Qualcomm

Snapdragon 210 Processor Firmware by Qualcomm

Snapdragon 212 Mobile Platform Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 429 Mobile Platform Firmware by Qualcomm

Snapdragon 460 Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 480\+ 5g Mobile Platform \(sm4350 Ac\) Firmware by Qualcomm

Snapdragon 660 Mobile Platform Firmware by Qualcomm

Snapdragon 662 Mobile Platform Firmware by Qualcomm

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

Snapdragon 685 4g Mobile Platform \(sm6225 Ad\) Firmware by Qualcomm

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

Snapdragon 820 Automotive Platform Firmware by Qualcomm

Snapdragon 845 Mobile Platform Firmware by Qualcomm

Snapdragon 865 5g Mobile Platform Firmware by Qualcomm

Snapdragon 865\+ 5g Mobile Platform \(sm8250 Ab\) Firmware by Qualcomm

Snapdragon 870 5g Mobile Platform \(sm8250 Ac\) Firmware by Qualcomm

Snapdragon Auto 4g Modem Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

Snapdragon Xr1 Platform Firmware by Qualcomm

Snapdragon Xr2 5g Platform Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Sxr1120 Firmware by Qualcomm

Sxr2130 Firmware by Qualcomm

Video Collaboration Vc1 Platform Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Vision Intelligence 400 Platform Firmware by Qualcomm