CVE-2024-49832

High

Published: 03 February 2025

Published

03 February 2025

Modified

05 February 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 34.6th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

Security Summary

CVE-2024-49832 is a memory corruption vulnerability in the Camera component, caused by an unusually high number of nodes passed to the AXI port. It is associated with CWE-129 (Improper Validation of Array Index) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-02-03.

A local attacker with low privileges can exploit this issue through low-complexity attacks requiring no user interaction. Successful exploitation enables high-impact consequences, including unauthorized disclosure of information, modification of data, and denial of service.

Qualcomm's February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html, details affected products and recommended mitigations or patches.

Details

CWE(s): CWE-129

Affected Products

qualcomm

fastconnect 6900 firmware

all versions

qualcomm

fastconnect 7800 firmware

all versions

qualcomm

qcs6490 firmware

all versions

qualcomm

video collaboration vc3 platform firmware

all versions

qualcomm

sdm429w firmware

all versions

qualcomm

sm8750 firmware

all versions

qualcomm

sm8750p firmware

all versions

qualcomm

snapdragon 429 mobile firmware

all versions

qualcomm

snapdragon 8 gen 1 mobile firmware

all versions

qualcomm

snapdragon 8 gen 3 mobile firmware

all versions

+15 more product configuration(s) — see NVD for full list

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html
Patch, Vendor Advisory · product-security@qualcomm.com