Qualcomm Releases 20 Security Update Patches for Chip Sets, Vulnerabilities Discovered

On October 9th, TapTechNews reported that on Tuesday local time, Qualcomm released 20 security update patches for its various chip sets, including a DSP software vulnerability - CVE-2024-43047 that has been actually exploited, with a CVSS severity score of 7.8 points.

This vulnerability was jointly submitted by Google's Project Zero team and Amnesty International's code testers, and the latter said that the vulnerability has been exploited by hackers or commercial software vendors.

Qualcomm mentioned in the announcement: Signs from Google's Threat Analysis Group indicate that CVE-2024-43047 may be under limited and targeted exploitation, and Patches affecting the FASTRPC driver have been provided to OEM manufacturers and strongly recommend deploying updates on affected devices as soon as possible.

The CVE-2024-43047 vulnerability mainly affects Snapdragon 660 and newer SoC models, 5G modems, and the four Wi-Fi Bluetooth kits FastConnect 6700, 6800, 6900, and 7800.

Among the other 19 vulnerabilities, the most serious one is CVE-2024-33066 with a CVSS score of 9.8. Fortunately, so far no signs of this vulnerability being exploited have been found.

TapTechNews noticed that among the batch of vulnerabilities announced by Qualcomm, many discoverers are related to Chinese people. For example, CVE-2024-43047, CVE-2024-23376, and CVE-2024-23379 all involve a researcher named Conghui Wang (conghuiwang), while CVE-2024-23374 was reported by Ma Chao (ChaoMa), a member of Baidu's AIoT security team, and another CVE-2024-23375 seems to be discovered by a person named Zinuo Han.