# March 2025 Security Bulletin

## Updated On: 03/03/2025

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices.
                This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.

Please reach out to
                [securitybulletin@qti.qualcomm.com](mailto:securitybulletin@qti.qualcomm.com)
                for any questions related to this bulletin.

## Table of Contents

| Announcements |
| --- |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |

##  Announcements 

None

## Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

| CVE-2024-43051 | Reported to us through Google Android Security team; please see bulletins at [https://source.android.com/security/overview/acknowledgements/](https://source.android.com/security/overview/acknowledgements/) for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin. |
| --- | --- |
| CVE-2024-53033,CVE-2024-53034 | Nicola Stauffer |
| CVE-2025-21424 | Seth Jenkins of Google Project Zero |
| CVE-2024-38426 | S.M.M. Rashid, T. Wu, A. A. Ishtiaq, K.Tu, Y. Dong, R. H. Tanvir, S. R. Hussain (Penn State), O.H. Chowdhury (Stony Brook) |
| CVE-2024-43055,CVE-2024-43056 | heidada |
| CVE-2024-43057,CVE-2024-43059,CVE-2024-43060,CVE-2024-43061 | sili luo (hac425xxx@gmail.com) |
| CVE-2024-43062 | ayano23th (ayano23th) |

## Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities.
                Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. 
                Please contact the device manufacturer for information on the patching status of released devices.

| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
| --- | --- | --- | --- | --- |
| CVE-2024-53012 | Critical | High | Automotive Software platform based on QNX | Internal |
| CVE-2024-53022 | Critical | High | Automotive Software platform based on QNX | Internal |
| CVE-2024-53028 | Critical | High | Automotive Vehicle Networks | Internal |
| CVE-2024-53029 | Critical | High | Automotive Software platform based on QNX | Internal |
| CVE-2024-53030 | Critical | High | Automotive Software platform based on QNX | Internal |
| CVE-2024-53031 | Critical | High | Automotive Software platform based on QNX | Internal |
| CVE-2024-53032 | Critical | High | Automotive Software platform based on QNX | Internal |
| CVE-2024-43051 | High | Medium | HLOS | 05/06/2024 |
| CVE-2024-53011 | High | High | Video Analytics and Processing (VAP) | Internal |
| CVE-2024-53025 | High | Medium | BT Controller | Internal |
| CVE-2024-53033 | High | High | DSP Service | 10/12/2024 |
| CVE-2024-53034 | High | High | DSP Service | 10/19/2024 |

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
| --- | --- | --- | --- | --- |
| CVE-2024-38426 | Medium | Medium | Multi-Mode Call Processor | 01/03/2024 |
| CVE-2024-43056 | Medium | Medium | Hypervisor | 04/19/2024 |

### CVE-2024-53012

| CVE ID | CVE-2024-53012 |
| --- | --- |
| Title | Improper Input Validation in Automotive OS Platform |
| Description | Memory corruption may occur due to improper input validation in clock device. |
| Technology Area | Automotive Software platform based on QNX |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, SA7255P, SA7775P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M |

### CVE-2024-53022

| CVE ID | CVE-2024-53022 |
| --- | --- |
| Title | Improper Input Validation in Automotive OS Platform |
| Description | Memory corruption may occur during communication between primary and guest VM. |
| Technology Area | Automotive Software platform based on QNX |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6595AU, QCA6696, SA7255P, SA7775P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M |

### CVE-2024-53028

| CVE ID | CVE-2024-53028 |
| --- | --- |
| Title | Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive Vehicle Networks |
| Description | Memory corruption may occur while processing message from frontend during allocation. |
| Technology Area | Automotive Vehicle Networks |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M |

### CVE-2024-53029

| CVE ID | CVE-2024-53029 |
| --- | --- |
| Title | Improper Input Validation in Automotive OS Platform |
| Description | Memory corruption while reading a value from a buffer controlled by the Guest Virtual Machine. |
| Technology Area | Automotive Software platform based on QNX |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, SA7255P, SA7775P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M |

### CVE-2024-53030

| CVE ID | CVE-2024-53030 |
| --- | --- |
| Title | Improper Input Validation in Automotive OS Platform |
| Description | Memory corruption while processing input message passed from FE driver. |
| Technology Area | Automotive Software platform based on QNX |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | MSM8996AU, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCS9100, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, Snapdragon 820 Automotive Platform, SRV1H, SRV1L, SRV1M |

### CVE-2024-53031

| CVE ID | CVE-2024-53031 |
| --- | --- |
| Title | Improper Input Validation in Automotive OS Platform |
| Description | Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine. |
| Technology Area | Automotive Software platform based on QNX |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, SA7255P, SA7775P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M |

### CVE-2024-53032

| CVE ID | CVE-2024-53032 |
| --- | --- |
| Title | Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive OS Platform |
| Description | Memory corruption may occur in keyboard virtual device due to guest VM interaction. |
| Technology Area | Automotive Software platform based on QNX |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCA6698AQ, SA7255P, SA7775P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SRV1H, SRV1L, SRV1M |

### CVE-2024-43051

| CVE ID | CVE-2024-43051 |
| --- | --- |
| Title | Improper Authorization in SPS-HLOS |
| Description | Information disclosure while deriving keys for a session for any Widevine use case. |
| Technology Area | HLOS |
| Vulnerability Type | CWE-285 Improper Authorization |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 5.5 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Date Reported | 2024/05/06 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | AQT1000, AR8031, AR8035, C-V2X 9150, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6174A, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCC710, QCM2290, QCM4290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCM8550, QCN6024, QCN6224, QCN6274, QCN7606, QCN9011, QCN9012, QCN9024, QCN9074, QCN9274, QCS2290, QCS4290, QCS4490, QCS5430, QCS6125, QCS6490, QCS7230, QCS8250, QCS8550, QCS9100, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QRB5165M, QRB5165N, QRU1032, QRU1052, QRU1062, QSM8250, QSM8350, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB2 Platform, Robotics RB5 Platform, SA2150P, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8530P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SC8380XP, SD 8 Gen1 5G, SD460, SD662, SD670, SD730, SD855, SD865 5G, SD888, SDX55, SDX61, SG4150P, SG8275P, SM4125, SM4635, SM6250, SM6370, SM6650, SM7250P, SM7315, SM7325P, SM7635, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB), Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform "Luna1", Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X35 5G Modem-RF System, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, SRV1H, SRV1L, SRV1M, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1120, SXR1230P, SXR2130, SXR2230P, SXR2250P, SXR2330P, TalynPlus, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3999, WCN6450, WCN6650, WCN6740, WCN6755, WCN7861, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |

### CVE-2024-53011

| CVE ID | CVE-2024-53011 |
| --- | --- |
| Title | Permissions, Privileges, and Access Controls in Video Analytics and Processing |
| Description | Information disclosure may occur due to improper permission and access controls to Video Analytics engine. |
| Technology Area | Video Analytics and Processing (VAP) |
| Vulnerability Type | CWE-264 Permissions, Privileges, and Access Controls |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.9 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | FastConnect 6700, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, QCA6391, QCA6564, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6688AQ, QCA6696, QCM8550, QCN9274, QCS7230, QCS8155, QCS8550, QMP1000, QRB5165N, Qualcomm® Video Collaboration VC5 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8380XP, SD 8 Gen1 5G, SG8275P, SM6650, SM7635, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735, SM8750, SM8750P, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform "Luna1", Snapdragon AR2 Gen 1 Platform, SSG2115P, SSG2125P, SXR1230P, SXR2230P, SXR2250P, SXR2330P, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN6450, WCN6650, WCN6755, WCN7750, WCN7860, WCN7861, WCN7880, WCN7881, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |

### CVE-2024-53025

| CVE ID | CVE-2024-53025 |
| --- | --- |
| Title | Integer Overflow or Wraparound in BT Controller |
| Description | Transient DOS can occur while processing UCI command. |
| Technology Area | BT Controller |
| Vulnerability Type | CWE-190 Integer Overflow or Wraparound |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 5.5 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | FastConnect 7800, SM8750, SM8750P, Snapdragon 8 Gen 3 Mobile Platform, WCD9390, WCD9395, WCN6450, WCN6755, WCN7860, WCN7861, WCN7880, WCN7881, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |

### CVE-2024-53033

| CVE ID | CVE-2024-53033 |
| --- | --- |
| Title | Untrusted Pointer Dereference in DSP\_Services |
| Description | Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address. |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-822 Untrusted Pointer Dereference |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/10/12 |
| Customer Notified Date | 2025/01/06 |
| Affected Chipsets\* | FastConnect 6900, FastConnect 7800, SC8380XP, WCD9380, WCD9385, WSA8840, WSA8845, WSA8845H |

### CVE-2024-53034

| CVE ID | CVE-2024-53034 |
| --- | --- |
| Title | Untrusted Pointer Dereference in DSP\_Services |
| Description | Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset. |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-822 Untrusted Pointer Dereference |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/10/19 |
| Customer Notified Date | 2025/01/06 |
| Affected Chipsets\* | FastConnect 6900, FastConnect 7800, SC8380XP, WCD9380, WCD9385, WSA8840, WSA8845, WSA8845H |

### CVE-2024-38426

| CVE ID | CVE-2024-38426 |
| --- | --- |
| Title | Improper Authentication in Modem |
| Description | While processing the authentication message in UE, improper authentication may lead to information disclosure. |
| Technology Area | Multi-Mode Call Processor |
| Vulnerability Type | CWE-287 Improper Authentication |
| Access Vector | Remote |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 5.4 |
| CVSS String | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
| Date Reported | 2024/01/03 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | 315 5G IoT Modem, 9205 LTE Modem, AR8035, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, MDM9205S, MDM9628, MDM9640, MSM8996AU, QCA4004, QCA6174A, QCA6310, QCA6320, QCA6391, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCC710, QCC711, QCM2150, QCM2290, QCM4290, QCM4325, QCM4490, QCM6125, QCN6024, QCN6224, QCN6274, QCN9024, QCS2290, QCS410, QCS4290, QCS4490, QCS610, QCS6125, QEP8111, QFW7114, QFW7124, QTS110, Qualcomm 205 Mobile Platform, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Robotics RB2 Platform, SD 675, SD 8 Gen1 5G, SD675, SD730, SD835, SDM429W, SDX55, SDX57M, SDX61, SDX71M, SDX80M, SG4150P, SM6650, SM7250P, SM7635, SM7675, SM7675P, SM8635, SM8635P, SM8650Q, Smart Audio 400 Platform, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 835 Mobile PC Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon Wear 4100+ Platform, Snapdragon X12 LTE Modem, Snapdragon X35 5G Modem-RF System, Snapdragon X5 LTE Modem, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon Auto 4G Modem, SW5100, SW5100P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WCN7861, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |

### CVE-2024-43056

| CVE ID | CVE-2024-43056 |
| --- | --- |
| Title | Buffer Over-read in Hypervisor |
| Description | Transient DOS during hypervisor virtual I/O operation in a virtual machine. |
| Technology Area | Hypervisor |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 5.5 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | 2024/04/19 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | AQT1000, AR8035, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6174A, QCA6310, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCA9377, QCC710, QCM4490, QCM5430, QCM6490, QCM8550, QCN6224, QCN6274, QCN9274, QCS4490, QCS5430, QCS6490, QCS8550, QCS9100, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QRU1032, QRU1052, QRU1062, QSM8350, Qualcomm® Video Collaboration VC3 Platform, Robotics RB3 Platform, SA6145P, SA6155, SA6155P, SA7255P, SA7775P, SA8150P, SA8155, SA8155P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SC8380XP, SD 675, SD 8 Gen1 5G, SD 8CX, SD670, SD675, SD855, SD865 5G, SDM429W, SDX55, SDX57M, SDX80M, SG8275P, SM4635, SM6650, SM7250P, SM7635, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 845 Mobile Platform, Snapdragon 850 Mobile Compute Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite", Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite", Snapdragon 8cx Compute Platform (SC8180X-AA, AB), Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro", Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro", Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB), Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB), Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform "Luna1", Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon Wear 4100+ Platform, Snapdragon X24 LTE Modem, Snapdragon X35 5G Modem-RF System, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, SRV1H, SRV1L, SRV1M, SSG2115P, SSG2125P, SXR1230P, SXR2130, SXR2230P, SXR2250P, SXR2330P, TalynPlus, Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6755, WCN7861, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |

\*The list of affected chipsets may not be complete.
                For latest information, device OEMs can contact QTI directly at [www.qualcomm.com/support](https://www.qualcomm.com/support).

## Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities.
                Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible.
                Please contact the device manufacturer for information on the patching status of released devices.

| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
| --- | --- | --- | --- | --- |
| CVE-2024-45580 | High | High | DSP Service | Internal |
| CVE-2024-49836 | High | High | Camera Driver | Internal |
| CVE-2024-53014 | High | High | Audio | Internal |
| CVE-2024-53023 | High | High | Automotive Android OS | Internal |
| CVE-2024-53024 | High | High | Display | Internal |
| CVE-2024-53027 | High | High | WLAN Host | Internal |
| CVE-2025-21424 | High | High | Neural Processing Unit | 11/20/2024 |

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
| --- | --- | --- | --- | --- |
| CVE-2024-43055 | Medium | High | Camera Driver | 04/17/2024 |
| CVE-2024-43057 | Medium | High | Qualcomm IPC | 04/03/2024 |
| CVE-2024-43059 | Medium | High | Multimedia | 03/31/2024 |
| CVE-2024-43060 | Medium | High | Automotive Audio | 03/31/2024 |
| CVE-2024-43061 | Medium | High | Audio | 03/31/2024 |
| CVE-2024-43062 | Medium | High | Camera Driver | 03/05/2024 |

### CVE-2024-45580

| CVE ID | CVE-2024-45580 |
| --- | --- |
| Title | Use After Free in DSP Service |
| Description | Memory corruption while handling multuple IOCTL calls from userspace for remote invocation. |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/11/04 |
| Affected Chipsets\* | FastConnect 6900, FastConnect 7800, QMP1000, SDM429W, SM8735, SM8750, SM8750P, Snapdragon 429 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform "Luna1", Snapdragon AR2 Gen 1 Platform, SSG2115P, SSG2125P, SXR1230P, SXR2230P, SXR2250P, SXR2330P, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3620, WCN3660B, WCN3680B, WCN3980, WCN7750, WCN7860, WCN7861, WCN7880, WCN7881, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/9ce57911a09d908f17677b7e2736dc43d311cbfb" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/9ce57911a09d908f17677b7e2736dc43d311cbfb</a><br>                                       </li></ul> |

### CVE-2024-49836

| CVE ID | CVE-2024-49836 |
| --- | --- |
| Title | Improper Validation of Array Index in Camera |
| Description | Memory corruption may occur during the synchronization of the camera`s frame processing pipeline. |
| Technology Area | Camera Driver |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/11/04 |
| Affected Chipsets\* | FastConnect 6900, FastConnect 7800, QMP1000, SDM429W, SM8735, SM8750, SM8750P, Snapdragon 429 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, SXR2230P, SXR2250P, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3620, WCN3660B, WCN7750, WCN7860, WCN7861, WCN7880, WCN7881, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/835eb9911677338e5d2269e6bc987a739816c325" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/835eb9911677338e5d2269e6bc987a739816c325</a><br>                                       </li></ul> |

### CVE-2024-53014

| CVE ID | CVE-2024-53014 |
| --- | --- |
| Title | Improper Validation of Array Index in Audio |
| Description | Memory corruption may occur while validating  ports and channels in Audio driver. |
| Technology Area | Audio |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | 315 5G IoT Modem, AQT1000, AR8031, AR8035, C-V2X 9150, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, MDM9628, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6174A, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCC710, QCM2150, QCM2290, QCM4290, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCM8550, QCN6024, QCN6224, QCN6274, QCN9011, QCN9012, QCN9024, QCN9074, QCS2290, QCS410, QCS4290, QCS4490, QCS5430, QCS610, QCS6125, QCS6490, QCS7230, QCS8250, QCS8550, QEP8111, QFW7114, QFW7124, QMP1000, QRB5165M, QRB5165N, QSM8250, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB2 Platform, Robotics RB5 Platform, SA2150P, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8530P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SD 675, SD 8 Gen1 5G, SD660, SD675, SD730, SD855, SD865 5G, SD888, SDM429W, SDX55, SDX61, SG4150P, SG8275P, SM4125, SM4635, SM6250, SM6370, SM6650, SM7250P, SM7315, SM7325P, SM7635, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735, SM8750, SM8750P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform "Luna1", Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X12 LTE Modem, Snapdragon X35 5G Modem-RF System, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, SRV1H, SRV1L, SRV1M, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2130, SXR2230P, SXR2250P, SXR2330P, TalynPlus, Vision Intelligence 400 Platform, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6740, WCN6755, WCN7750, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/audio-kernel-ar/-/commit/2d9a97ee810092401a0c985747cbc5ecca7c3b82" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/audio-kernel-ar/-/commit/2d9a97ee810092401a0c985747cbc5ecca7c3b82</a><br>                                       </li></ul> |

### CVE-2024-53023

| CVE ID | CVE-2024-53023 |
| --- | --- |
| Title | Use After Free in Automotive Android OS |
| Description | Memory corruption may occur while accessing a variable during extended back to back tests. |
| Technology Area | Automotive Android OS |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | AR8035, FastConnect 6900, FastConnect 7800, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6174A, QCA6391, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCC710, QCM4325, QCM8550, QCN6224, QCN6274, QCS7230, QCS8250, QCS8550, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QRU1032, QRU1052, QRU1062, Qualcomm® Video Collaboration VC5 Platform, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SDM429W, SG4150P, SM8550P, Snapdragon 429 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X35 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, SRV1H, SRV1L, SRV1M, SW5100, SW5100P, SXR2230P, SXR2250P, Vision Intelligence 400 Platform, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCD9390, WCD9395, WCN3620, WCN3660B, WCN3950, WCN3988, WCN3990, WSA8810, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/0b46627abae31f40e95acfafb819c99f37a3d800<br>" target="_blank">https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/0b46627abae31f40e95acfafb819c99f37a3d800<br></a><br>                                       </li><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/platform-kernel/-/commit/1d27c6dbe79ba6321b594253b4c748ead00a7548" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/platform-kernel/-/commit/1d27c6dbe79ba6321b594253b4c748ead00a7548</a><br>                                       </li></ul> |

### CVE-2024-53024

| CVE ID | CVE-2024-53024 |
| --- | --- |
| Title | NULL Pointer Dereference in Display |
| Description | Memory corruption in display driver while detaching a device. |
| Technology Area | Display |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6391, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCM4325, QCM4490, QCM5430, QCM6125, QCM6490, QCM8550, QCN6024, QCN9011, QCN9012, QCN9024, QCN9274, QCS410, QCS4490, QCS5430, QCS610, QCS6125, QCS615, QCS6490, QCS7230, QCS8250, QCS8300, QCS8550, QCS9100, QMP1000, QRB5165M, QRB5165N, QSM8350, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB2 Platform, Robotics RB5 Platform, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8530P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SD 8 Gen1 5G, SD888, SDM429W, SDX61, SG4150P, SG8275P, SM4635, SM6370, SM6650, SM7315, SM7325P, SM7635, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, SM8735, SM8750, SM8750P, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 695 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon AR1 Gen 1 Platform, Snapdragon AR1 Gen 1 Platform "Luna1", Snapdragon AR2 Gen 1 Platform, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, SRV1H, SRV1L, SRV1M, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2230P, SXR2250P, SXR2330P, TalynPlus, WCD9335, WCD9341, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN6450, WCN6650, WCN6740, WCN6755, WCN7750, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/opensource/display-drivers/-/commit/1b7471347e6c81fe68196c12b27ebffe0023503c" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/opensource/display-drivers/-/commit/1b7471347e6c81fe68196c12b27ebffe0023503c</a><br>                                       </li></ul> |

### CVE-2024-53027

| CVE ID | CVE-2024-53027 |
| --- | --- |
| Title | Buffer Copy Without Checking Size of Input  in WLAN Host |
| Description | Transient DOS may occur while processing the country IE. |
| Technology Area | WLAN Host |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2024/12/02 |
| Affected Chipsets\* | APQ8017, AR8035, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, MDM9628, MDM9640, MSM8996AU, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6391, QCA6426, QCA6436, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6777AQ, QCA6787AQ, QCA6797AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCC2073, QCC2076, QCC710, QCM2290, QCM4290, QCM5430, QCM6125, QCM6490, QCM8550, QCN6024, QCN6224, QCN6274, QCN9024, QCN9274, QCS2290, QCS410, QCS4290, QCS4490, QCS5430, QCS610, QCS6125, QCS615, QCS6490, QCS7230, QCS8250, QCS8300, QCS8550, QCS9100, QEP8111, QFW7114, QFW7124, Qualcomm 205 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8530P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SD 8 Gen1 5G, SD660, SD835, SD865 5G, SD888, SDM429W, SDX61, SG4150P, SG8275P, SM4125, SM4635, SM6370, SM6650, SM7315, SM7325P, SM7635, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Smart Audio 400 Platform, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 695 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 835 Mobile PC Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X35 5G Modem-RF System, Snapdragon X5 LTE Modem, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1L, SRV1M, SW5100, SW5100P, SXR1120, SXR2130, SXR2230P, SXR2250P, SXR2330P, TalynPlus, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3610, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6650, WCN6740, WCN6755, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/commit/60b5a666c28af4e0304326c5f4ae49ee2ee421da" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/commit/60b5a666c28af4e0304326c5f4ae49ee2ee421da</a><br>                                       </li></ul> |

### CVE-2025-21424

| CVE ID | CVE-2025-21424 |
| --- | --- |
| Title | Use After Free in NPU |
| Description | Memory corruption while calling the NPU driver APIs concurrently. |
| Technology Area | Neural Processing Unit |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/11/20 |
| Customer Notified Date | 2025/01/06 |
| Affected Chipsets\* | 315 5G IoT Modem, AQT1000, AR8031, AR8035, C-V2X 9150, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, MDM9628, QAM8255P, QAM8295P, QAM8620P, QAM8650P, QAM8775P, QAMSRV1H, QAMSRV1M, QCA6174A, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCA9377, QCC710, QCM2150, QCM2290, QCM4290, QCM4325, QCM5430, QCM6125, QCM6490, QCM8550, QCN6024, QCN6224, QCN6274, QCN9011, QCN9012, QCN9024, QCN9074, QCS2290, QCS410, QCS4290, QCS5430, QCS610, QCS6125, QCS6490, QCS7230, QCS8155, QCS8250, QCS8550, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QEP8111, QFW7114, QFW7124, QRB5165M, QRB5165N, QRU1032, QRU1052, QRU1062, QSM8250, QSM8350, Qualcomm 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Qualcomm® Video Collaboration VC5 Platform, Robotics RB2 Platform, Robotics RB5 Platform, SA2150P, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA7255P, SA7775P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8255P, SA8295P, SA8530P, SA8540P, SA8620P, SA8650P, SA8770P, SA8775P, SA9000P, SD 675, SD660, SD675, SD730, SD855, SD865 5G, SD888, SDX55, SDX61, SG4150P, SG8275P, SM4125, SM4635, SM6250, SM6370, SM6650, SM7250P, SM7315, SM7325P, SM7635, SM7675, SM7675P, SM8550P, SM8635, SM8635P, SM8650Q, Smart Audio 400 Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8 Gen 3 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon Auto 5G Modem-RF, Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X12 LTE Modem, Snapdragon X35 5G Modem-RF System, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, SRV1H, SRV1L, SRV1M, SW5100, SW5100P, SXR2130, SXR2330P, Vision Intelligence 400 Platform, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6450, WCN6650, WCN6740, WCN6755, WCN7861, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/5c5c9b3ad2074d8be0beb1067661a2c4d8992d8e<br>" target="_blank">https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/5c5c9b3ad2074d8be0beb1067661a2c4d8992d8e<br></a><br>                                       </li><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/7d529ad308341efaf235f06355967d7a34c8064f<br>" target="_blank">https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/7d529ad308341efaf235f06355967d7a34c8064f<br></a><br>                                       </li><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/a2fb963d08bc5887a20dc64a32a766195391fa39<br>" target="_blank">https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/a2fb963d08bc5887a20dc64a32a766195391fa39<br></a><br>                                       </li><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/c416dda317feeb2fadf978533a267cb05d8b32b8<br>" target="_blank">https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/c416dda317feeb2fadf978533a267cb05d8b32b8<br></a><br>                                       </li><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/ab5bed7938b5d6450054a85d262011c2e43f171c" target="_blank">https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/ab5bed7938b5d6450054a85d262011c2e43f171c</a><br>                                       </li></ul> |

### CVE-2024-43055

| CVE ID | CVE-2024-43055 |
| --- | --- |
| Title | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Camera\_Linux |
| Description | Memory corruption while processing camera use case IOCTL call. |
| Technology Area | Camera Driver |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/04/17 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | FastConnect 6900, FastConnect 7800, SDM429W, Snapdragon 429 Mobile Platform, Snapdragon 8 Gen 1 Mobile Platform, SXR2230P, SXR2250P, WCD9380, WCD9385, WCN3620, WCN3660B, WSA8830, WSA8832, WSA8835 |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/7b136df2f1ecb80b03d33703da7438cb2b362094" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/7b136df2f1ecb80b03d33703da7438cb2b362094</a><br>                                       </li></ul> |

### CVE-2024-43057

| CVE ID | CVE-2024-43057 |
| --- | --- |
| Title | Use After Free in MProc |
| Description | Memory corruption while processing command in Glink linux. |
| Technology Area | Qualcomm IPC |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/04/03 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | AR8035, C-V2X 9150, CSR8811, FastConnect 6800, FastConnect 6900, FastConnect 7800, FSM10056, FSM20055, FSM20056, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, Immersive Home 3210 Platform, Immersive Home 326 Platform, IPQ5010, IPQ5028, IPQ5300, IPQ5302, IPQ5312, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9048, IPQ9554, IPQ9570, IPQ9574, PMP8074, QAM8295P, QCA0000, QCA4024, QCA6174A, QCA6391, QCA6426, QCA6436, QCA6574AU, QCA6584AU, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9888, QCA9889, QCC710, QCF8000, QCF8000SFP, QCF8001, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN6224, QCN6274, QCN6402, QCN6412, QCN6422, QCN6432, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9160, QCN9274, QCS410, QCS610, QFW7114, QFW7124, QSM8250, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, QXM8083, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD865 5G, SDM429W, SDX55, SDX65M, Snapdragon 429 Mobile Platform, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon Auto 5G Modem-RF Gen 2, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, Snapdragon XR2 5G Platform, SW5100, SW5100P, SXR2130, WCD9340, WCD9341, WCD9370, WCD9380, WCD9385, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/f28a966b30b66411280b38dea2c190fcf592f4c7" target="_blank">https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/f28a966b30b66411280b38dea2c190fcf592f4c7</a><br>                                       </li></ul> |

### CVE-2024-43059

| CVE ID | CVE-2024-43059 |
| --- | --- |
| Title | Use After Free in Automotive Multimedia |
| Description | Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/03/31 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | FastConnect 6900, FastConnect 7800, QAM8255P, QAM8775P, SA8255P, SA8770P, SA8775P, SA9000P, SDM429W, Snapdragon 429 Mobile Platform, Snapdragon 8 Gen 1 Mobile Platform, SXR2230P, SXR2250P, WCD9380, WCD9385, WCN3620, WCN3660B, WSA8830, WSA8832, WSA8835 |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/816217c784a45c13ccfbc8fcccd744b5ca204b54" target="_blank">https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/816217c784a45c13ccfbc8fcccd744b5ca204b54</a><br>                                       </li></ul> |

### CVE-2024-43060

| CVE ID | CVE-2024-43060 |
| --- | --- |
| Title | Use of Out-of-range Pointer Offset in Automotive Audio |
| Description | Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP. |
| Technology Area | Automotive Audio |
| Vulnerability Type | CWE-823 Use of Out-of-range Pointer Offset |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/03/31 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | AR8035, FastConnect 6900, FastConnect 7800, QAM8295P, QCA6574AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCC710, QCN6224, QCN6274, QCS8550, QFW7114, QFW7124, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SA8530P, SA8540P, SA9000P, SDM429W, Snapdragon 429 Mobile Platform, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, SXR2230P, SXR2250P, WCD9340, WCD9380, WCD9385, WCN3620, WCN3660B, WSA8830, WSA8832, WSA8835 |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/opensource/audio-kernel/-/commit/312431e92dfd02ef03c995b57a79254ff4ddc00f" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/opensource/audio-kernel/-/commit/312431e92dfd02ef03c995b57a79254ff4ddc00f</a><br>                                       </li></ul> |

### CVE-2024-43061

| CVE ID | CVE-2024-43061 |
| --- | --- |
| Title | Use After Free in Audio |
| Description | Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is empty in HLOS drive. |
| Technology Area | Audio |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/03/31 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | FastConnect 6900, FastConnect 7800, QAM8295P, QCA6574AU, QCA6696, QCA9367, QCA9377, QCS8550, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SA8530P, SA8540P, SA9000P, SDM429W, Snapdragon 429 Mobile Platform, SXR2230P, SXR2250P, WCD9380, WCD9385, WCN3620, WCN3660B, WSA8830, WSA8832, WSA8835 |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/opensource/audio-kernel/-/commit/312431e92dfd02ef03c995b57a79254ff4ddc00f" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/opensource/audio-kernel/-/commit/312431e92dfd02ef03c995b57a79254ff4ddc00f</a><br>                                       </li></ul> |

### CVE-2024-43062

| CVE ID | CVE-2024-43062 |
| --- | --- |
| Title | Use After Free in Camera Linux |
| Description | Memory corruption caused by missing locks and checks on the DMA fence and improper synchronization. |
| Technology Area | Camera Driver |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2024/03/05 |
| Customer Notified Date | 2024/09/02 |
| Affected Chipsets\* | FastConnect 6900, FastConnect 7800, SDM429W, Snapdragon 429 Mobile Platform, Snapdragon 8 Gen 1 Mobile Platform, SXR2230P, SXR2250P, WCD9380, WCD9385, WCN3620, WCN3660B, WSA8830, WSA8832, WSA8835 |
| Patch\*\* | <ul><li><br>                                             <a class="word-wrap" href="https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/386cf6eaecdad61393463134324b6b79d4c31505" target="_blank">https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/386cf6eaecdad61393463134324b6b79d4c31505</a><br>                                       </li></ul> |

\* The list of affected chipsets may not be complete.
                For latest information, device OEMs can contact QTI directly at [www.qualcomm.com/support](https://www.qualcomm.com/support).

\*\* Data is generated only at the time of bulletin creation

## Industry Coordination

Security ratings of issues included in Android security
                bulletins and these bulletins match in the most common scenarios but may
                differ in some cases due to one of the following reasons:

- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific
                    scenarios that involves local denial of service or privilege escalation
                    vulnerabilities in the high level OS kernel

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

Qualcomm Technologies, Inc.

San Diego, CA 92121

U.S.A.

© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.