CVE-2024-43061

CVE-2024-43061 is a memory corruption vulnerability stemming from a use-after-free condition (CWE-416) that occurs during voice activation in Qualcomm components. Specifically, it arises when sound model parameters are loaded from the High-Level Operating System (HLOS), and the received sound model list is empty in the HLOS driver. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with potential for significant impact on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation could allow the attacker to trigger memory corruption, potentially leading to arbitrary code execution, data tampering, or denial of service within the affected component.

Qualcomm's March 2025 security bulletin details the affected products, exploitation status, and available patches or mitigations at https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html. Security practitioners should consult this advisory for vendor-specific remediation guidance.