Qualcomm revealed the information about 20 vulnerabilities in the firmware and chips used in Android devices. One problem is classified as critical, 12 as high, and 7 as average. A specific vulnerability highlighted is cve-2024-43047, which has been exploited in attacks by malicious actors.
The vulnerability exists in the open driver Fastrpc for Qualcomm DSP chips, allowing local attackers to manipulate memory and execute code at a privileged system service level. A patch is available but not yet integrated into device firmware. Over 60 chip models, including FastConnect and Snapdragon series, are affected.
Regarding the critical vulnerability cve-2024-33066, identified by Claroty Research, it can be exploited remotely through wireless networks. The flaw stems from improper input parameter verification in Wlan Resource Manager, potentially enabling file redirection. Systems with various chip series like Immersive Home, IPQXXXX, QCAXXXX, QCFXXXX, QCnxxxx, SDXXX, and Snapdragon X65 5G Modem-RF are at risk.
Additionally, there are 11 vulnerabilities in proprietary components, including closed camera, open wireless network components, GPU, and DSP from Qualcomm, all leading to memory corruption.