CVE-2024-49833

CVE-2024-49833 is a memory corruption vulnerability (CWE-129) in the camera component of Qualcomm products, triggered when an invalid Camera ID (CID) is used. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability. The issue stems from improper validation leading to memory corruption.

A local attacker with low privileges, such as a standard user on the affected system, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation could allow arbitrary code execution, data tampering, or system crashes within the camera subsystem's scope, potentially compromising the device.

Qualcomm has published a security bulletin detailing the vulnerability and associated patches: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html. Security practitioners should apply the recommended updates from the February 2025 bulletin to mitigate the risk.