Skip to main content
Mallory
Back to vulnerabilities
HighCISA KEVExploited in the wildPublic exploit

Use-after-free in Qualcomm DSP service / Android kernel components

IdentifiersCVE-2024-43047CWE-416· Use After Free

CVE-2024-43047 is a high-severity use-after-free vulnerability affecting closed-source Qualcomm components used by Android, described in multiple sources as residing in the Qualcomm Digital Signal Processor (DSP) service and affecting Android kernel-related components across numerous Qualcomm chipsets. The available context indicates the flaw can be triggered during DSP updates to header buffers involving unused DMA handle file descriptors; if an invalid DMA handle FD matches an FD already in use, a use-after-free condition can occur. Qualcomm also describes the issue at a higher level as memory corruption while maintaining memory maps of HLOS memory. Successful exploitation can corrupt memory and has been reported as exploited in limited, targeted attacks.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can lead to memory corruption and elevation of privileges on affected Android devices. The context indicates attackers may be able to compromise targeted devices, and public reporting ties exploitation of this vulnerability to limited, targeted attacks, including NoviSpy spyware activity attributed to Serbian government use. Because the flaw affects privileged Qualcomm DSP/kernel-adjacent components, impact can extend beyond denial of service to device compromise and post-exploitation enablement.

Mitigation

If you can’t patch tonight, do this now.

Where patches are not yet available, reduce exposure by restricting use of untrusted or high-risk applications, limiting physical access to devices, and prioritizing high-risk users and devices for replacement or accelerated OEM update channels. Given reported in-the-wild targeted exploitation and spyware linkage, organizations should monitor for signs of device compromise, enforce rapid mobile OS update policies, and consider isolating or retiring unsupported Android devices that cannot receive current security fixes.

Remediation

Patch, then assume compromise.

Apply Qualcomm's patch for CVE-2024-43047, which Qualcomm states was released in October 2024, and install the Android November 2024 security updates or later. Devices showing Android security patch level 2024-11-05 or later are described as containing the relevant fixes. Because patch delivery depends on OEMs, affected organizations should verify patch availability with device manufacturers and prioritize rollout on exposed or high-risk fleets.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
QualcommFastconnect 6700 Firmwareoperating_system
QualcommFastconnect 6800 Firmwareoperating_system
QualcommFastconnect 6900 Firmwareoperating_system
QualcommFastconnect 7800 Firmwareoperating_system
QualcommQam8295p Firmwareoperating_system
QualcommQca6174a Firmwareoperating_system
QualcommQca6391 Firmwareoperating_system
QualcommQca6426 Firmwareoperating_system
QualcommQca6436 Firmwareoperating_system
QualcommQca6574au Firmwareoperating_system
QualcommQca6584au Firmwareoperating_system
QualcommQca6595 Firmwareoperating_system
QualcommQca6595au Firmwareoperating_system
QualcommQca6688aq Firmwareoperating_system
QualcommQca6696 Firmwareoperating_system
QualcommQca6698aq Firmwareoperating_system
QualcommQcs410 Firmwareoperating_system
QualcommQcs610 Firmwareoperating_system
QualcommQcs6490 Firmwareoperating_system
QualcommQualcomm Video Collaboration Vc1 Platform Firmwareoperating_system
QualcommQualcomm Video Collaboration Vc3 Platform Firmwareoperating_system
QualcommSa4150p Firmwareoperating_system
QualcommSa4155p Firmwareoperating_system
QualcommSa6145p Firmwareoperating_system
QualcommSa6150p Firmwareoperating_system
QualcommSa6155p Firmwareoperating_system
QualcommSa8145p Firmwareoperating_system
QualcommSa8150p Firmwareoperating_system
QualcommSa8155p Firmwareoperating_system
QualcommSa8195p Firmwareoperating_system
QualcommSa8295p Firmwareoperating_system
QualcommSd660 Firmwareoperating_system
QualcommSd865 5g Firmwareoperating_system
QualcommSg4150p Firmwareoperating_system
QualcommSm6225-Ad Firmwareoperating_system
QualcommSnapdragon 660 Mobile Firmwareoperating_system
QualcommSnapdragon 660 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 680 4g Mobile Firmwareoperating_system
QualcommSnapdragon 680 4g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 685 4g Mobile Firmwareoperating_system
QualcommSnapdragon 8 Gen 1 Mobile Firmwareoperating_system
QualcommSnapdragon 8 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 865 5g Mobile Firmwareoperating_system
QualcommSnapdragon 865 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 865+ 5g Firmwareoperating_system
QualcommSnapdragon 865+ 5g Mobile Firmwareoperating_system
QualcommSnapdragon 870 5g Mobile Firmwareoperating_system
QualcommSnapdragon 870 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 888 5g Mobile Firmwareoperating_system
QualcommSnapdragon 888 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 888+ 5g Mobile Firmwareoperating_system
QualcommSnapdragon 888+ 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon Auto 5g Modem-Rf Firmwareoperating_system
QualcommSnapdragon Auto 5g Modem-Rf Gen 2 Firmwareoperating_system
QualcommSnapdragon X55 5g Modem-Rf Firmwareoperating_system
QualcommSnapdragon X55 5g Modem-Rf System Firmwareoperating_system
QualcommSnapdragon Xr2 5g Firmwareoperating_system
QualcommSnapdragon Xr2 5g Platform Firmwareoperating_system
QualcommSw5100 Firmwareoperating_system
QualcommSw5100p Firmwareoperating_system
QualcommSxr2130 Firmwareoperating_system
QualcommVideo Collaboration Vc1 Firmwareoperating_system
QualcommVideo Collaboration Vc1 Platform Firmwareoperating_system
QualcommVideo Collaboration Vc3 Firmwareoperating_system
QualcommVideo Collaboration Vc3 Platform Firmwareoperating_system
QualcommWcd9335 Firmwareoperating_system
QualcommWcd9341 Firmwareoperating_system
QualcommWcd9370 Firmwareoperating_system
QualcommWcd9375 Firmwareoperating_system
QualcommWcd9380 Firmwareoperating_system
QualcommWcd9385 Firmwareoperating_system
QualcommWcn3950 Firmwareoperating_system
QualcommWcn3980 Firmwareoperating_system
QualcommWcn3988 Firmwareoperating_system
QualcommWcn3990 Firmwareoperating_system
QualcommWsa8810 Firmwareoperating_system
QualcommWsa8815 Firmwareoperating_system
QualcommWsa8830 Firmwareoperating_system
QualcommWsa8835 Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

10 SOURCESView more in app
dark readingNews
Mar 3, 2026
Qualcomm Zero-Day Exploited in Targeted Android Attacks

A previously disclosed Qualcomm zero-day referenced as having been linked to commercial spyware tooling (per Amnesty International Security Lab), used here as an analogy for the language used in exploitation disclosures.

Read more
bleeping computerNews
Aug 5, 2025
Android gets patches for Qualcomm flaws exploited in attacks

An Android zero-day vulnerability used in NoviSpy spyware attacks attributed to Serbian government activity; patched by Google and tagged as exploited.

Read more
zeropath blogNews
Jul 8, 2025
Qualcomm Video Firmware Flaw CVE-2025-27043: Memory Corruption Risk Explained - ZeroPath Blog | ZeroPath

A use-after-free vulnerability in Qualcomm DSP firmware referenced as part of vendor security history.

Read more
hackmageddonNews
Apr 18, 2025
16-31 December 2024 Cyber Attacks Timeline

A Qualcomm zero-day vulnerability (CVE-2024-43047) exploited to unlock and infect Android devices with spyware (NoviSpy), used for targeted surveillance by the Serbian government.

Read more
+5 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence1

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures2

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2024-43047
NVD
nvd.nist.gov/vuln/detail/CVE-2024-43047
MITRE CWE · CWE-416
Use After Free
Patch
docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
US Government Resource
cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43047