CVE-2024-43060

CVE-2024-43060 is a memory corruption vulnerability that occurs during voice activation when sound model parameters are loaded from the High-Level Operating System (HLOS) to the Audio Digital Signal Processor (ADSP) in Qualcomm components. It is associated with CWE-823 (Use of Out-of-bounds Read) and CWE-119 (Buffer Overflow), carrying a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue was published on March 3, 2025.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution or system compromise within the affected ADSP context.

Qualcomm has addressed this issue in its March 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html, which provides details on patches and affected products for mitigation. Security practitioners should apply the recommended updates promptly to vulnerable Qualcomm platforms.