CVE-2024-43047 Qualcomm CVE debrief

Who should care

Security teams, OEMs, device fleet operators, and administrators responsible for Qualcomm-based hardware or downstream products that incorporate Qualcomm chipsets should prioritize this issue.

Technical summary

The available source corpus identifies CVE-2024-43047 as a use-after-free vulnerability affecting multiple Qualcomm chipsets. CISA’s KEV entry places the issue on the federal exploitation watchlist as of 2024-10-08 and recommends following vendor remediation or mitigation guidance. No further technical exploit details are provided in the supplied sources.

Defensive priority

High / urgent. KEV inclusion means this vulnerability should be treated as actively exploited or of immediate exploitation concern, with remediation prioritized ahead of routine patch cycles.

Recommended defensive actions

• Check whether any in-scope devices, appliances, or embedded systems use affected Qualcomm chipsets.
• Apply vendor-provided remediations or mitigations as soon as they are available.
• If remediation or mitigation is unavailable, follow CISA guidance to discontinue use of the affected product.
• Track downstream vendor advisories for products that embed Qualcomm components.
• Validate exposure across device inventories, including managed endpoints, network devices, and embedded platforms.
• Confirm remediation status before the CISA KEV due date of 2024-10-29 where applicable.

Evidence notes

The supplied corpus provides only a high-level vulnerability description, a Qualcomm multiple-chipsets attribution, and the CISA KEV entry. It does not include CVSS data, specific affected chipset models, attack prerequisites, or impact details. All statements here are limited to the official CVE/CISA records and the supplied metadata.

Official resources