Qualcomm Automotive Software Memory Corruption Vulnerability via Repeated Unmap Requests

Vulnerability

A use-after-free vulnerability has been identified in Qualcomm's proprietary code within its QNX-based automotive software platform. Memory corruption occurs while handling repeated memory unmap requests from a guest virtual machine. If exploited, the issue could cause memory management errors and allow unauthorized memory access or manipulation.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to improper memory management and potentially to unauthorized access to, or manipulation of, memory contents.

Remediation

Qualcomm has notified device manufacturers about this vulnerability and is actively sharing patches. For information on the patching status of released devices, contact the device manufacturer.

Added: Sep 24, 2025, 4:53 PM
Updated: Sep 24, 2025, 7:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 3.3
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.