Cyber Resilience

CVE-2024-43062

High

Published: 03 March 2025

Published
03 March 2025
Modified
06 March 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-43062 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-43062 is a memory corruption vulnerability stemming from missing locks and checks on the DMA fence combined with improper synchronization, mapped to CWE-416 (Use After Free). It affects components within Qualcomm products, as detailed in the vendor's security bulletin. The issue carries a CVSS v3.1 base score of 7.8 (High), reflecting local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability due to its low complexity and lack of required user interaction. Successful exploitation enables high-impact outcomes, including arbitrary code execution, data tampering, or system denial of service through memory corruption in the affected DMA fence handling.

Qualcomm's March 2025 security bulletin provides details on the vulnerability, including affected products and recommended patches or mitigations for remediation.

EU & UK References

Vulnerability details

Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local memory corruption (UAF) with low-privilege access directly enables exploitation for privilege escalation to achieve arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-43059Same product: Qualcomm Fastconnect 6900
CVE-2024-43055Same product: Qualcomm Fastconnect 6900
CVE-2024-43061Same product: Qualcomm Fastconnect 6900
CVE-2024-45580Same product: Qualcomm Fastconnect 6900
CVE-2026-21380Same product: Qualcomm Fastconnect 6900
CVE-2025-47358Same product: Qualcomm Fastconnect 6900
CVE-2024-33055Same product: Qualcomm Fastconnect 6900
CVE-2024-33059Same product: Qualcomm Fastconnect 6900
CVE-2024-38411Same product: Qualcomm Fastconnect 6900
CVE-2025-47359Same product: Qualcomm Fastconnect 6900

Affected Assets

qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
sdm429w firmware
all versions
qualcomm
snapdragon 429 firmware
all versions
qualcomm
snapdragon 8 gen 1 firmware
all versions
qualcomm
sxr2230p firmware
all versions
qualcomm
sxr2250p firmware
all versions
qualcomm
wcd9380 firmware
all versions
qualcomm
wcd9385 firmware
all versions
qualcomm
wcn3620 firmware
all versions
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Requires timely remediation of the memory corruption vulnerability in DMA fence handling through application of Qualcomm's provided patches.

prevent

Implements memory protection mechanisms that directly prevent exploitation of the use-after-free condition caused by missing locks and improper synchronization on DMA fences.

detect

Monitors software and firmware integrity to detect violations from memory corruption in DMA fence synchronization.

References