CVE-2024-43061: Use After Free in Audio

7.8 CVSS

Description

Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive.

Classification

CVE ID: CVE-2024-43061

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-416 Use After Free

Affected Products

Vendor: Qualcomm, Inc.

Product: Snapdragon

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.01% (scored less or equal to compared to others)

EPSS Date: 2025-04-01 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-43061
https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html

Timeline

2025-03-03 11:40:14 UTC
CVE

Use After Free in Audio