CVE-2024-43062
Published: 03 March 2025
Summary
CVE-2024-43062 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-43062 is a memory corruption vulnerability stemming from missing locks and checks on the DMA fence combined with improper synchronization, mapped to CWE-416 (Use After Free). It affects components within Qualcomm products, as detailed in the vendor's security bulletin. The issue carries a CVSS v3.1 base score of 7.8 (High), reflecting local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability due to its low complexity and lack of required user interaction. Successful exploitation enables high-impact outcomes, including arbitrary code execution, data tampering, or system denial of service through memory corruption in the affected DMA fence handling.
Qualcomm's March 2025 security bulletin provides details on the vulnerability, including affected products and recommended patches or mitigations for remediation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5789
Vulnerability details
Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local memory corruption (UAF) with low-privilege access directly enables exploitation for privilege escalation to achieve arbitrary code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely remediation of the memory corruption vulnerability in DMA fence handling through application of Qualcomm's provided patches.
Implements memory protection mechanisms that directly prevent exploitation of the use-after-free condition caused by missing locks and improper synchronization on DMA fences.
Monitors software and firmware integrity to detect violations from memory corruption in DMA fence synchronization.