Full Report
Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks. [...]
Analysis Summary
# Vulnerability: Qualcomm Adreno GPU Zero-Days Exploited for Persistent Spyware Installation
## CVE Details
- CVE ID: CVE-2024-43047 (Mentioned explicitly; others are implied but not detailed)
- CVSS Score: Not specified in the provided text.
- CWE: Not specified in the provided text.
## Affected Systems
- Products: Qualcomm Adreno GPU drivers and Compute DSP drivers (specific device models are not listed; the flaws affect Android devices built on these components).
- Versions: Vulnerable versions are not specified; the text states only that patches are available.
- Configurations: The context implies that the vulnerabilities lie in the driver implementation and allow privilege escalation or persistent installation of malware (NoviSpy).
## Vulnerability Description
Three zero-day vulnerabilities affecting Qualcomm's Adreno GPU and Compute DSP drivers were discovered, at least one of which (CVE-2024-43047) was being actively exploited. The primary identified exploitation involved an exploit chain used in conjunction with Cellebrite software to install NoviSpy spyware persistently at the kernel level, bypassing Android's security mechanisms.
## Exploitation
- Status: Exploited in the wild (the text specifically mentions the Serbian BIA using CVE-2024-43047 to unlock seized devices and install NoviSpy).
- Complexity: Implied to be Medium to High, since the attack chains multiple vulnerabilities to achieve persistent kernel-level installation.
- Attack Vector: Local, requiring physical access to the device (via tools such as Cellebrite); the text notes that remote compromise is possible only if the chain can be triggered through other vectors.
## Impact
- Confidentiality: High (NoviSpy spyware, which can access sensitive data, was installed).
- Integrity: High (Kernel-level persistence implies deep system modification).
- Availability: Low to Medium (The primary goal appears to be surveillance/data extraction rather than system denial).
## Remediation
### Patches
- Qualcomm has released fixes for the vulnerabilities, which are typically distributed via security updates to device manufacturers. (Specific patch versions are not provided in the text).
### Workarounds
- No specific vendor workarounds are detailed in the provided summary. The implied immediate mitigation is to apply the available security updates from device OEMs.
## Detection
- Detection primarily relies on identifying post-exploitation artifacts, such as the presence of NoviSpy spyware, which is harder to observe from user space once it is installed persistently at the kernel level.
- Google's Threat Analysis Group (TAG) was instrumental in discovering the attacks.
## References
- Vendor advisories: Qualcomm Security Bulletins (implied by the reported security fixes).
- Relevant links (defanged):
  - bleepingcomputer com/news/security/new-android-novispy-spyware-linked-to-qualcomm-zero-day-bugs/
  - bleepingcomputer com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/