CVE-2024-43047

ENISA EUVD: EUVD-2024-40024 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 11 articles Published: 2024-10-07
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
1.75%
probability
This CVE has a 1.75% probability of being exploited in the next 30 days.
0% Top 82.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Memory corruption while maintaining memory maps of HLOS memory.

Affected Products

Qualcomm, Inc.
Snapdragon
FastConnect 6700 FastConnect 6800 FastConnect 6900 FastConnect 7800 QAM8295P QCA6174A

Attack Intelligence

Google Project Zero

Discovered
July 29, 2024
Patched
Oct. 7, 2024
Reported by
Seth Jenkins from Google Project Zero
Root Cause Analysis
???

Signal Intelligence

Confidence
92%
EPSS 1.75%
CVSS v3.1 7.8
Mentions 11
Last Seen Aug 05, 2025

CNA Information

CNA Assigner
qualcomm
CNA Title
Use After Free in DSP Service

Analyst Note

This memory corruption vulnerability in Qualcomm Snapdragon has been actively exploited in real-world attacks and patched by both Qualcomm and Google, with coverage from Google Project Zero and multiple high-signal security news sources confirming active exploitation. The HIGH CVSS score (7.8) combined with confirmed zero-day exploitation status and vendor patches provides strong evidence supporting the CONFIRMED classification.

Threat Actors 3

Harvester
apt_group Information theft and espionage Unknown
[Unnamed group]
apt_group 🇨🇳 CN
Soft Cell
apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 03, 2026
Published DateOct 07, 2024