CVE-2024-43062
Published: 03 March 2025
Description
Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.
Security Summary
CVE-2024-43062 is a memory corruption vulnerability stemming from missing locks and checks on the DMA fence combined with improper synchronization, mapped to CWE-416 (Use After Free). It affects components within Qualcomm products, as detailed in the vendor's security bulletin. The issue carries a CVSS v3.1 base score of 7.8 (High), reflecting local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability due to its low complexity and lack of required user interaction. Successful exploitation enables high-impact outcomes, including arbitrary code execution, data tampering, or system denial of service through memory corruption in the affected DMA fence handling.
Qualcomm's March 2025 security bulletin provides details on the vulnerability, including affected products and recommended patches or mitigations for remediation.
Details
- CWE(s)