CVE-2024-49834

Q: What is the severity of CVE-2024-49834?

CVE-2024-49834 has a CVSS score of 7.8 (HIGH). This vulnerability involves memory corruption during camera sensor power-up or power-down sequences on Qualcomm devices. It could allow attackers to execute arbitrary code or cause denial of service. This affects devices with Qualcomm camera hardware components.

7.8 HIGH

📋 TL;DR

This vulnerability involves memory corruption during camera sensor power-up or power-down sequences on Qualcomm devices. It could allow attackers to execute arbitrary code or cause denial of service. This affects devices with Qualcomm camera hardware components.

💻 Affected Systems

Products:

Qualcomm camera sensor components

Versions: Specific versions not detailed in reference; check Qualcomm advisory for affected chipsets.

Operating Systems: Android and other OS using Qualcomm camera hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm camera sensor drivers/firmware. Requires camera hardware access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Device crash or reboot causing denial of service, potentially requiring physical restart.

🟢

If Mitigated

Limited impact with proper memory protections and sandboxing in place.

🌐 Internet-Facing: MEDIUM - Requires camera access which could be triggered remotely via apps or services.

🏢 Internal Only: HIGH - Local apps with camera permissions could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering camera power sequences, likely through malicious apps with camera permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm security bulletin for specific firmware/driver updates.

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Restart Required: No

Instructions:

1. Check device manufacturer for security updates. 2. Apply Qualcomm-provided firmware/driver patches. 3. Update device OS if patches are included in system updates.

🔧 Temporary Workarounds

Restrict camera permissions

all

Limit camera access to trusted applications only.

Disable unnecessary camera features

all

Turn off camera services when not in use.

🧯 If You Can't Patch

Isolate affected devices from critical networks
Implement strict app vetting and camera permission controls

🔍 How to Verify

Check if Vulnerable:

Check device specifications against Qualcomm's affected products list in the security bulletin.

Check Version:

Device-specific commands vary; generally check Settings > About Phone > Software Information

Verify Fix Applied:

Verify firmware/driver versions match patched versions from Qualcomm advisory.

📡 Detection & Monitoring

Log Indicators:

Unexpected camera power state changes
Memory access violations in camera subsystem logs
Device crashes during camera operations

Network Indicators:

Unusual camera-related network traffic if exploited for data exfiltration

SIEM Query:

Search for camera service crashes or memory corruption events in system logs

📊 Metadata

CVE ID: CVE-2024-49834

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

EPSS Score: 0.04% exploit probability (9.7th percentile)

Published: February 3, 2025

Last Updated: February 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs615 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8300 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qcs9100 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Robotics Rb2 Firmware by Qualcomm

Robotics Rb5 Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa7775p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm4635 Firmware by Qualcomm

Sm6370 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Smart Audio 400 Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Firmware by Qualcomm

Snapdragon 429 Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 695 5g Mobile Firmware by Qualcomm

Snapdragon 778g 5g Mobile Firmware by Qualcomm

Snapdragon 778g 5g Mobile Firmware by Qualcomm

Snapdragon 780g 5g Mobile Firmware by Qualcomm

Snapdragon 782g Mobile Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm