InfoSecBulletin Cybersecurity for mankind
Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally.
CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group (TAG) as possibly being exploited in a limited, targeted manner.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
“There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation. Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm wrote in its security bulletin.
A serious vulnerability (CVE-2024-33066, CVSS 9.8) in the WLAN Resource Manager could let attackers remotely execute harmful code, risking a complete device takeover. This issue, caused by improper input validation, allows memory corruption by redirecting log files. Affected chipsets include Immersive Home Platforms, IPQ series, QCA series, and Snapdragon X65 5G Modem-RF systems.
A high-severity vulnerability (CVE-2024-23369) in the HLOS (Hardware Abstraction Layer Operating System) allows local attackers to exploit memory corruption by manipulating FRS/UDS buffers. This affects Snapdragon mobile platforms, FastConnect series, and QCA series.
The October bulletin discusses various vulnerabilities in open-source software, including a buffer over-read issue in WLAN Host Communication (CVE-2024-33064) that may lead to denial of service or sensitive information leaks.
Qualcomm urges OEMs to quickly apply necessary patches to protect users. Users should update their devices to the latest firmware and check with their manufacturers about patch status for their specific models.
