CVE-2024-43061: Use After Free in Audio

High (7.8)

Sign up for FREE to recieve instant alerts about this vulnerability!

Description

Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.

Classification

CVE ID: CVE-2024-43061

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-416 Use After Free

Affected Products

Vendor: Qualcomm, Inc.

Product: Snapdragon

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 0.1198 (how common is this exploit)

EPSS Date: 2025-03-14 (when was this score calculated)

Timeline