CVE-2024-43057
Published: 03 March 2025
Description
Memory corruption while processing command in Glink linux.
Security Summary
CVE-2024-43057 is a memory corruption vulnerability, classified under CWE-416 (Use After Free), that occurs while processing a command in Glink Linux. It affects Qualcomm products, as detailed in the vendor's security bulletin, and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
A local attacker with low privileges and access to the affected system can exploit the vulnerability. Attack complexity is low and no user interaction is required: the attacker triggers memory corruption during command processing in Glink Linux. Successful exploitation could result in high-impact outcomes, including arbitrary code execution, data tampering, or denial of service on the affected system.
Qualcomm addressed this issue in its March 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html, which provides details on affected products and the recommended patches or mitigations.
Details
- CWE(s)