CVE-2024-49833

Q: What is the severity of CVE-2024-49833?

CVE-2024-49833 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in Qualcomm camera components when an invalid CID (Camera ID) is used. Attackers could potentially execute arbitrary code or cause denial of service. This affects devices using Qualcomm chipsets with vulnerable camera drivers.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm camera components when an invalid CID (Camera ID) is used. Attackers could potentially execute arbitrary code or cause denial of service. This affects devices using Qualcomm chipsets with vulnerable camera drivers.

💻 Affected Systems

Products:

Qualcomm chipsets with camera components

Versions: Specific versions not detailed in reference; check Qualcomm advisory for exact affected versions

Operating Systems: Android and other OS using Qualcomm camera drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm camera hardware and vulnerable driver implementations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent malware installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on the device.

🟢

If Mitigated

Denial of service causing camera functionality disruption without system compromise.

🌐 Internet-Facing: LOW - Requires local access or malicious app installation.

🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or local attackers on compromised devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to send malformed camera commands, likely through local app or system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm February 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Restart Required: No

Instructions:

1. Check device manufacturer for security updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Update camera driver/firmware if available separately.

🔧 Temporary Workarounds

Camera Access Restriction

all

Restrict camera permissions to trusted apps only

🧯 If You Can't Patch

Implement strict app vetting and permission controls
Monitor for suspicious camera access patterns

🔍 How to Verify

Check if Vulnerable:

Check device chipset and firmware version against Qualcomm advisory

Check Version:

adb shell getprop ro.build.version.security_patch (for Android devices)

Verify Fix Applied:

Verify security patch level includes February 2025 or later Qualcomm updates

📡 Detection & Monitoring

Log Indicators:

Camera service crashes
Unexpected camera permission requests
Memory corruption errors in system logs

SIEM Query:

Look for camera service anomalies or permission escalation attempts

📊 Metadata

CVE ID: CVE-2024-49833

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

EPSS Score: 0.04% exploit probability (9.7th percentile)

Published: February 3, 2025

Last Updated: February 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm

Snapdragon Ar1 Gen 1 Firmware by Qualcomm

Snapdragon Ar2 Gen 1 Firmware by Qualcomm

Srv1h Firmware by Qualcomm

Srv1m Firmware by Qualcomm

Ssg2115p Firmware by Qualcomm

Ssg2125p Firmware by Qualcomm

Sxr1230p Firmware by Qualcomm

Sxr2230p Firmware by Qualcomm

Sxr2250p Firmware by Qualcomm

Sxr2330p Firmware by Qualcomm

Talynplus Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9378 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn6450 Firmware by Qualcomm

Wcn6650 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wcn7860 Firmware by Qualcomm

Wcn7861 Firmware by Qualcomm

Wcn7880 Firmware by Qualcomm

Wcn7881 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm