CVE-2024-49836

CVE-2024-49836 is a memory corruption vulnerability that may occur during the synchronization of a camera's frame processing pipeline. It affects Qualcomm components, as detailed in their security bulletin, and is classified under CWE-129 (Improper Validation of Array Index). The vulnerability carries a CVSS v3.1 base score of 7.8, reflecting high severity due to its potential for significant impact.

A local attacker with low privileges can exploit this issue with low attack complexity and no user interaction required. Successful exploitation enables high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution or system compromise through memory corruption in the camera pipeline.

Qualcomm's March 2025 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html) provides details on affected products and recommended mitigations or patches. Security practitioners should consult the advisory for specific remediation steps.