Preface: There are four global satellite navigation systems, currently GPS (United States), GLONASS (Russian Federation), Beidou (China) and Galileo (European Union).

Background: Android Opensource is called HLOS. Qualcomm’s proprietary one is called non-HLOS.

The Android on Snapdragon architecture is built to allow for common feature adoption across devices with Snapdragon. It represents the software features and functionalities available on Qualcomm® reference devices and provided to OEMs for design into their Android mobile devices and tablets.

Global Navigation Satellite System ( GNSS ) refers to any satellite constellation that provides global positioning, navigation, and timing services. Several GNSS are currently available: BeiDou (China) , Galileo (EU), GPS (USA) and GLONASS (Russia). On Oct 2022, Rx Networks, Inc., a GNSS data services company, announced the availability of TruePoint.io precise location services on Qualcomm’s Snapdragon 8 Gen 1 and Snapdragon 888 5G Mobile Platforms.

Vulnerability details: Memory corruption during GNSS HAL process initialization.

Technology Area: GPS HLOS Driver

CWE-416: Use After Free

Official announcement: Please refer to the official announcement for details – https://nvd.nist.gov/vuln/detail/CVE-2024-38424