InfoSecBulletin Cybersecurity for mankind
Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally.
CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group (TAG) as possibly being exploited in a limited, targeted manner.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
“There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation. Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm wrote in its security bulletin.
A serious vulnerability (CVE-2024-33066, CVSS 9.8) in the WLAN Resource Manager could let attackers remotely execute harmful code, risking a complete device takeover. This issue, caused by improper input validation, allows memory corruption by redirecting log files. Affected chipsets include Immersive Home Platforms, IPQ series, QCA series, and Snapdragon X65 5G Modem-RF systems.
A high-severity vulnerability (CVE-2024-23369) in the HLOS (Hardware Abstraction Layer Operating System) allows local attackers to exploit memory corruption by manipulating FRS/UDS buffers. This affects Snapdragon mobile platforms, FastConnect series, and QCA series.
The October bulletin discusses various vulnerabilities in open-source software, including a buffer over-read issue in WLAN Host Communication (CVE-2024-33064) that may lead to denial of service or sensitive information leaks.
Qualcomm urges OEMs to quickly apply necessary patches to protect users. Users should update their devices to the latest firmware and check with their manufacturers about patch status for their specific models.
