CVE-2024-43063 – Qualcomm Snapdragon Chipsets Mailbox Read API Information Disclosure Vulnerability

Vulnerability

A buffer over-read vulnerability has been identified in various chipsets of Qualcomm Snapdragon products, specifically within the Automotive Autonomy technology area. This vulnerability allows information disclosure while invoking the mailbox read API, potentially leading to unauthorized access to sensitive data.

Impact

Exploitation of this vulnerability can result in information disclosure, allowing unauthorized access to data that may be sensitive or confidential.

Remediation

Qualcomm has notified customers about this vulnerability and is actively sharing patches with device manufacturers. Instructions for applying the patch can be found in the Qualcomm January 2025 Security Bulletin.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Affected Products

Qualcomm QAM8255P

0 remedies

cpe:2.3:h:qualcomm:qam8255p:*:*:*:*:*:*:*, +1 more

0 remedies

>= QAM8255P
<= QAM8255P

Qualcomm QAM8295P

0 remedies

cpe:2.3:h:qualcomm:qam8295p:*:*:*:*:*:*:*, +1 more

0 remedies

>= QAM8295P
<= QAM8295P

Qualcomm QAM8650P

0 remedies

cpe:2.3:h:qualcomm:qam8650p:*:*:*:*:*:*:*, +1 more

0 remedies

>= QAM8650P
<= QAM8650P

Qualcomm QAM8775P

0 remedies

cpe:2.3:h:qualcomm:qam8775p:*:*:*:*:*:*:*, +1 more

0 remedies

>= QAM8775P
<= QAM8775P

Qualcomm QAMSRV1H

0 remedies

cpe:2.3:h:qualcomm:qamsrv1h:*:*:*:*:*:*:*, +3 more

0 remedies

>= QAMSRV1H
>= QAMSRV1M
<= QAMSRV1H
<= QAMSRV1M

Qualcomm QCA6595

0 remedies

cpe:2.3:h:qualcomm:qca6595:*:*:*:*:*:*:*, +1 more

0 remedies

>= QCA6595
<= QCA6595

Qualcomm QCA6595AU

0 remedies

cpe:2.3:h:qualcomm:qca6595au:*:*:*:*:*:*:*, +1 more

0 remedies

>= QCA6595AU
<= QCA6595AU

Qualcomm QCA6696

0 remedies

cpe:2.3:h:qualcomm:qca6696:*:*:*:*:*:*:*, +1 more

0 remedies

>= QCA6696
<= QCA6696

Qualcomm QCA6698AQ

0 remedies

cpe:2.3:h:qualcomm:qca6698aq:*:*:*:*:*:*:*, +1 more

0 remedies

>= QCA6698AQ
<= QCA6698AQ

Qualcomm SA8255P

0 remedies

cpe:2.3:h:qualcomm:sa8255p:*:*:*:*:*:*:*, +1 more

0 remedies

>= SA8255P
<= SA8255P

Qualcomm SA8295P

0 remedies

cpe:2.3:h:qualcomm:sa8295p:*:*:*:*:*:*:*, +1 more

0 remedies

>= SA8295P
<= SA8295P

Qualcomm SA8540P

0 remedies

cpe:2.3:h:qualcomm:sa8540p:*:*:*:*:*:*:*, +1 more

0 remedies

>= SA8540P
<= SA8540P

Qualcomm SA8650P

0 remedies

cpe:2.3:h:qualcomm:sa8650p:*:*:*:*:*:*:*, +1 more

0 remedies

>= SA8650P
<= SA8650P

Qualcomm SA8770P

0 remedies

cpe:2.3:h:qualcomm:sa8770p:*:*:*:*:*:*:*, +1 more

0 remedies

>= SA8770P
<= SA8770P

Qualcomm SA8775P

0 remedies

cpe:2.3:h:qualcomm:sa8775p:*:*:*:*:*:*:*, +1 more

0 remedies

>= SA8775P
<= SA8775P

Qualcomm SA9000P

0 remedies

cpe:2.3:h:qualcomm:sa9000p:*:*:*:*:*:*:*, +1 more

0 remedies

>= SA9000P
<= SA9000P

Qualcomm SRV1H

0 remedies

cpe:2.3:h:qualcomm:srv1h:*:*:*:*:*:*:*, +5 more

0 remedies

>= SRV1H
>= SRV1L
>= SRV1M
<= SRV1H
<= SRV1L
<= SRV1M

CVSS Scores

volerion

6.8

CVSS 4.0

6.8

Medium

volerion

5.5

CVSS 3.1

5.5

Medium

nvd@nist.gov

5.5

CVSS 3.1

5.5

Medium

Vendor

6.1

CVSS 3.1

6.1

Medium

Click a row to open the calculator.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2025-bulletin.html

AdvisoryBundleRemedyVendor

Showing 1-1 of 1 references

Qualcomm Snapdragon Chipsets Mailbox Read API Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Qualcomm QAM8255P

Qualcomm QAM8295P

Qualcomm QAM8650P

Qualcomm QAM8775P

Qualcomm QAMSRV1H

Qualcomm QCA6595

Qualcomm QCA6595AU

Qualcomm QCA6696

Qualcomm QCA6698AQ

Qualcomm SA8255P

Qualcomm SA8295P

Qualcomm SA8540P

Qualcomm SA8650P

Qualcomm SA8770P

Qualcomm SA8775P

Qualcomm SA9000P

Qualcomm SRV1H

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating