#VU101152 Input validation error in Qualcomm products - CVE-2024-43052
Published: December 3, 2024
Vulnerability identifier: #VU101152
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-43052
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8017
MSM8909W
QCA6174A
QCA9379
QCM2150
SDM429W
SDX55
SXR2130
WSA8832
APQ8037
FastConnect 6800
FastConnect 6900
FastConnect 7800
Home Hub 100 Platform
MSM8108
MSM8209
MSM8608
PM8937
QCA6391
QCA6421
QCA6426
QCA6431
QCA6436
QCM8550
QCN9274
QCS7230
QCS8250
QCS8550
QET4101
QSM8250
QSW8573
Qualcomm 205 Mobile Platform
Qualcomm 215 Mobile Platform
Qualcomm Video Collaboration VC5 Platform
SC8380XP
SD865 5G
SG8275P
SM8550P
SM8635
SM8750
SM8750P
Smart Audio 200 Platform
Snapdragon 208 Processor
Snapdragon 210 Processor
Snapdragon 212 Mobile Platform
Snapdragon 425 Mobile Platform
Snapdragon 427 Mobile Platform
Snapdragon 429 Mobile Platform
Snapdragon 430 Mobile Platform
Snapdragon 435 Mobile Platform
Snapdragon 439 Mobile Platform
Snapdragon 8 Gen 2 Mobile Platform
Snapdragon 8 Gen 3 Mobile Platform
Snapdragon 8+ Gen 2 Mobile Platform
Snapdragon 865 5G Mobile Platform
Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Snapdragon 870 5G Mobile Platform (SM8250-AC)
Snapdragon Wear 2100 Platform
Snapdragon Wear 2500 Platform
Snapdragon Wear 3100 Platform
Snapdragon Wear 4100+ Platform
Snapdragon X55 5G Modem-RF System
Snapdragon XR2 5G Platform
Snapdragon XR2+ Gen 1 Platform
WCD9326
WCD9335
WCD9370
WCD9375
WCD9380
WCD9385
WCD9390
WCD9395
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3680B
WCN3980
WCN6755
WCN7860
WCN7861
WCN7880
WCN7881
WSA8810
WSA8815
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H
APQ8017
MSM8909W
QCA6174A
QCA9379
QCM2150
SDM429W
SDX55
SXR2130
WSA8832
APQ8037
FastConnect 6800
FastConnect 6900
FastConnect 7800
Home Hub 100 Platform
MSM8108
MSM8209
MSM8608
PM8937
QCA6391
QCA6421
QCA6426
QCA6431
QCA6436
QCM8550
QCN9274
QCS7230
QCS8250
QCS8550
QET4101
QSM8250
QSW8573
Qualcomm 205 Mobile Platform
Qualcomm 215 Mobile Platform
Qualcomm Video Collaboration VC5 Platform
SC8380XP
SD865 5G
SG8275P
SM8550P
SM8635
SM8750
SM8750P
Smart Audio 200 Platform
Snapdragon 208 Processor
Snapdragon 210 Processor
Snapdragon 212 Mobile Platform
Snapdragon 425 Mobile Platform
Snapdragon 427 Mobile Platform
Snapdragon 429 Mobile Platform
Snapdragon 430 Mobile Platform
Snapdragon 435 Mobile Platform
Snapdragon 439 Mobile Platform
Snapdragon 8 Gen 2 Mobile Platform
Snapdragon 8 Gen 3 Mobile Platform
Snapdragon 8+ Gen 2 Mobile Platform
Snapdragon 865 5G Mobile Platform
Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Snapdragon 870 5G Mobile Platform (SM8250-AC)
Snapdragon Wear 2100 Platform
Snapdragon Wear 2500 Platform
Snapdragon Wear 3100 Platform
Snapdragon Wear 4100+ Platform
Snapdragon X55 5G Modem-RF System
Snapdragon XR2 5G Platform
Snapdragon XR2+ Gen 1 Platform
WCD9326
WCD9335
WCD9370
WCD9375
WCD9380
WCD9385
WCD9390
WCD9395
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3680B
WCN3980
WCN6755
WCN7860
WCN7861
WCN7880
WCN7881
WSA8810
WSA8815
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Video Analytics and Processing. A local application can execute arbitrary code.
Remediation
Install security update from vendor's website.