Free Demo

Trending

Report: Global Cybersecurity Report 2025          Report: Europe Threat Landscape Report 2025          Report: APAC Cyber Threat Landscape Report 2025          Report: North America Cyber Threat Landscape Report 2025          Report: META Threat Landscape Report 2025          Recognition: Cyble Recognized in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025          Recognition: Cyble Named a Sample Vendor in Gartner® Hype Cycle™ for Managed IT Services 2025         
Report: Global Cybersecurity Report 2025          Report: Europe Threat Landscape Report 2025          Report: APAC Cyber Threat Landscape Report 2025          Report: North America Cyber Threat Landscape Report 2025          Report: META Threat Landscape Report 2025          Recognition: Cyble Recognized in the Gartner® Hype Cycle™ for Cyber-Risk Management, 2025          Recognition: Cyble Named a Sample Vendor in Gartner® Hype Cycle™ for Managed IT Services 2025         
HomeBlog
OEMs Are Urged to Address Vulnerabilities in Device Communication
Cyble-Blogs-OEMs

OEMs Are Urged to Address Vulnerabilities in Device Communication

Qualcomm's 2024 Security Bulletin reveals critical vulnerabilities, including CVE-2024-43047, linked to the FASTRPC driver, urging OEMs to implement patches urgently

Overview

Qualcomm has shared its October 2024 Security Bulletin, highlighting multiple vulnerabilities. Google’s Threat Analysis Group has also denoted the exploitation of a critical vulnerability, CVE-2024-43047, in targeted attacks. The vulnerability revolves around the FASTRPC driver, which plays an important role in device communication processes. Exploitation of this vulnerability can lead to severe security breaches, potentially allowing unauthorized access to sensitive data.

Considering this, original equipment manufacturers (OEMs) have received patches designed to rectify this flaw, and they are strongly encouraged to implement these updates without delay. Users concerned about the implications of this vulnerability should contact their device manufacturers for specific patch details and guidance.

Google has publicly acknowledged the contributions of various researchers who have been instrumental in identifying and reporting several critical security flaws. Among these notable contributions is CVE-2024-33066, identified by Claroty Research in partnership with Trend Micro. This collaboration highlights the importance of teamwork in discovering and mitigating potential threats.

Another key vulnerability, CVE-2024-21455, was reported by Seth Jenkins from Google Project Zero, demonstrating the ongoing commitment of researchers to enhance security measures across various platforms. Additionally, Xiling Gong identified CVE-2024-38399, further contributing to the collective knowledge needed to protect users against cybersecurity threats.

Most prominently, CVE-2024-43047 was brought to light by a team that included Seth Jenkins, Conghui Wang, and the Amnesty International Security Lab.

 Overview of Vulnerabilities and Patches

Recent vulnerability assessments have revealed a concerning mix of high- and moderate-impact vulnerabilities across proprietary and open-source software. Understanding the nature and severity of these vulnerabilities is critical for grasping their potential impact on device security.

report-ad-banner

Among the high-impact vulnerabilities, CVE-2024-33066, associated with the WLAN Resource Manager, stands out. This critical flaw was reported on September 6, 2023, and has been assigned a CVSS score of 9.8, indicating its severe nature. Another vulnerability is CVE-2024-21455, related to the DSP Service. Reported on June 11, 2024, it carries a high-security rating with a CVSS score of 8.0.

Moderate impact vulnerabilities have also been identified, including CVE-2024-23375, which relates to the Radio Interface Layer. This issue was flagged on November 27, 2023, and is rated medium with a CVSS score of 5.5. Another moderate vulnerability, CVE-2024-38425, related to performance, was reported on January 23, 2024.

A detailed analysis of critical vulnerabilities reveals specific challenges that need to be addressed. For instance, CVE-2024-33064 involves a buffer over-read in WLAN host communication, which could allow for information disclosure during data transmission. Another vulnerability, CVE-2024-33069, is characterized as a “Use After Free” issue that can lead to a transient denial of service, disrupting communication between devices. Additionally, CVE-2024-38399 highlights a similar “Use After Free” vulnerability in graphics processing, which can result in memory corruption and negatively impact device functionality.

Moreover, vulnerabilities related to multimedia and power management integrated circuits (ICs) require attention, as they pose risks to device integrity and user privacy.

Conclusion

The ongoing battle against cybersecurity threats requires a collective effort from researchers, manufacturers, and users alike. As demonstrated by the vulnerabilities highlighted in the latest report from Google’s Threat Analysis Group, proactive measures and timely patch implementations are key to maintaining secure systems.

Recommendations and Mitigations

  • Users should stay informed about vulnerabilities affecting their devices.
  • Regular updates and patch installations are crucial for mitigating risks associated with known vulnerabilities.
  • Engaging with device manufacturers for patch information is essential.
  • Timely updates can significantly reduce the potential for exploitation.
  • Manufacturers must prioritize the deployment of patches.
  • Quick implementation of security measures protects end-users.
  • Prompt action also upholds manufacturers’ reputations in a security-conscious market.

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.
why cyble

Get Threat Assessment Report

Identify External Threats Targeting Your Business​
Get My Report
Free
Cyble Vision

Threat Landscape Reports 2025

Global cybersecurity report
Europe cyber landscape
APAC Cyber Threat Landscape
North America Cyber Threat Landscape Report
META Threat Landscape
Australia New Zealand threat report

Upcoming Webinars

global-webinar-banner
Stay-Ahead-of-Cyber-Threats
CISO's Guide to Threat Intelligence 2024

CISO’s Guide to Threat Intelligence 2024: Best Practices

Stay Ahead of Cyber Threats with Expert Insights and Strategies. Download Free E-Book Now

Cyble | Amazon Music
Azure-MP-logo
google-ad-cyble
Share the Post:

Related Posts

Scroll to Top

Discover more from Cyble

Subscribe now to keep reading and get access to the full archive.

Continue reading