CVE-2024-43059
Published: 03 March 2025
Description
Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.
Security Summary
CVE-2024-43059 is a memory corruption vulnerability classified under CWE-416, stemming from improper handling during IOCTL calls invoked from user-space targeting the HGSL memory node. Published on 2025-03-03, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects Qualcomm components, as outlined in their security advisories.
A local attacker with low privileges can exploit this vulnerability through low-complexity IOCTL invocations without requiring user interaction. Exploitation results in high impacts to confidentiality, integrity, and availability, enabling potential memory corruption that could lead to code execution or denial of service within the affected scope.
Qualcomm's March 2025 security bulletin details mitigation steps, including patches for vulnerable products. Security practitioners should consult the advisory at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html for specific affected versions and remediation guidance.
Details
- CWE(s)