CVE-2024-49843

Q: What is the severity of CVE-2024-49843?

CVE-2024-49843 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption through improper input validation when processing IOCTL calls related to GPU AHB bus error handling. Attackers could potentially execute arbitrary code or cause denial of service on affected systems. This primarily affects devices with Qualcomm GPUs that haven't been patched.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption through improper input validation when processing IOCTL calls related to GPU AHB bus error handling. Attackers could potentially execute arbitrary code or cause denial of service on affected systems. This primarily affects devices with Qualcomm GPUs that haven't been patched.

💻 Affected Systems

Products:

Qualcomm GPU drivers

Versions: Specific versions not detailed in reference, but pre-February 2025 patches

Operating Systems: Android, Linux distributions with Qualcomm GPUs

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Qualcomm Adreno GPUs; exact chipset models not specified in provided reference

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level code execution leading to complete device control

🟠

Likely Case

System crash or denial of service through memory corruption

🟢

If Mitigated

Limited impact with proper input validation and memory protections

🌐 Internet-Facing: LOW - Requires local access or malicious app installation

🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or local users

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or malicious app with appropriate permissions; IOCTL manipulation needed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches included in February 2025 security bulletin

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Restart Required: No

Instructions:

1. Check device manufacturer for security updates. 2. Apply February 2025 or later Qualcomm security patches. 3. Update GPU drivers if available separately.

🔧 Temporary Workarounds

Restrict IOCTL access

Linux-based systems

Limit access to GPU IOCTL interfaces through SELinux/AppArmor policies

# Configure SELinux to restrict GPU device access
# audit2allow and custom policies may be needed

🧯 If You Can't Patch

Implement strict application sandboxing to limit GPU access
Monitor for abnormal GPU-related system calls and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check Qualcomm security patch level - if before February 2025, likely vulnerable

Check Version:

On Android: getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level includes February 2025 or later Qualcomm updates

📡 Detection & Monitoring

Log Indicators:

Unusual GPU IOCTL calls
Memory access violations in kernel logs
GPU driver crash reports

Network Indicators:

Not network exploitable - local vulnerability

SIEM Query:

source="kernel" AND "GPU" AND ("IOCTL" OR "memory corruption" OR "AHB")

📊 Metadata

CVE ID: CVE-2024-49843

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

EPSS Score: 0.04% exploit probability (9.7th percentile)

Published: February 3, 2025

Last Updated: February 5, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Sm4635 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7675 Firmware by Qualcomm

Sm7675p Firmware by Qualcomm

Sm8635 Firmware by Qualcomm

Sm8635p Firmware by Qualcomm

Sm8750 Firmware by Qualcomm

Sm8750p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 480 5g Mobile Firmware by Qualcomm

Snapdragon 695 5g Mobile Firmware by Qualcomm

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Sxr2330p Firmware by Qualcomm

Video Collaboration Vc1 Platform Firmware by Qualcomm

Video Collaboration Vc5 Platform Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9378 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn6450 Firmware by Qualcomm

Wcn6650 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wcn7860 Firmware by Qualcomm

Wcn7861 Firmware by Qualcomm

Wcn7880 Firmware by Qualcomm

Wcn7881 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm