InfoSecBulletin Cybersecurity for mankind
Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally.
CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group (TAG) as possibly being exploited in a limited, targeted manner.
AWS SNS misused for Data Exfiltration and Phishing
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
“There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation. Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm wrote in its security bulletin.
A serious vulnerability (CVE-2024-33066, CVSS 9.8) in the WLAN Resource Manager could let attackers remotely execute harmful code, risking a complete device takeover. This issue, caused by improper input validation, allows memory corruption by redirecting log files. Affected chipsets include Immersive Home Platforms, IPQ series, QCA series, and Snapdragon X65 5G Modem-RF systems.
A high-severity vulnerability (CVE-2024-23369) in the HLOS (Hardware Abstraction Layer Operating System) allows local attackers to exploit memory corruption by manipulating FRS/UDS buffers. This affects Snapdragon mobile platforms, FastConnect series, and QCA series.
The October bulletin discusses various vulnerabilities in open-source software, including a buffer over-read issue in WLAN Host Communication (CVE-2024-33064) that may lead to denial of service or sensitive information leaks.
Qualcomm urges OEMs to quickly apply necessary patches to protect users. Users should update their devices to the latest firmware and check with their manufacturers about patch status for their specific models.
