CVE-2024-49834
Published: 03 February 2025
Description
Memory corruption during the power-up or power-down sequence of the camera sensor.
Security Summary
CVE-2024-49834 is a memory corruption vulnerability, classified as CWE-129 (Improper Validation of Array Index), that occurs during the power-up or power-down sequence of the camera sensor in Qualcomm products. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability. The issue affects components within Qualcomm chipsets or devices that handle camera sensor operations.
A local attacker with low privileges can exploit this vulnerability without user interaction by triggering the faulty power sequence, leading to memory corruption. Successful exploitation could allow the attacker to gain high-level control over the affected system, potentially executing arbitrary code, escalating privileges, or causing denial of service through crashes or data corruption.
Qualcomm's February 2025 security bulletin provides details on affected products and recommends applying the latest firmware or software patches to mitigate the vulnerability, as outlined at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html. Security practitioners should verify device applicability and prioritize updates for systems with exposed camera sensors.
Details
- CWE(s)