CVE-2024-49847

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service condition in Qualcomm devices by sending specially crafted registration acceptance OTA messages with incorrect ciphering key data. It affects mobile devices and infrastructure equipment using vulnerable Qualcomm chipsets. The attack disrupts normal device operation temporarily.

💻 Affected Systems

Products:
  • Qualcomm mobile platforms
  • Qualcomm infrastructure equipment
Versions: Specific versions not publicly detailed in bulletin; refer to Qualcomm advisory for exact affected versions
Operating Systems: Android, Embedded systems using Qualcomm chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices processing OTA registration messages; exact chipset models not specified in public bulletin

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption for affected devices, preventing voice calls, data connectivity, and emergency services access until device restart or network re-registration.

🟠 Likely Case: Temporary service interruption (transient DOS) affecting specific devices, requiring reconnection to network services.

🟢 If Mitigated: Minimal impact with proper network filtering and updated firmware preventing malicious OTA messages from reaching devices.

🌐 Internet-Facing: MEDIUM - Attack requires sending OTA messages to devices, which typically requires network access but not direct internet exposure.
🏢 Internal Only: MEDIUM - Attack could be launched from within mobile network operator infrastructure or adjacent network segments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the ability to send OTA messages to target devices, which typically requires network access to mobile infrastructure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm May 2025 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset versions.
2. Obtain firmware updates from device manufacturer.
3. Apply patches through standard OTA update mechanisms.
4. Verify patch installation and restart devices.

🔧 Temporary Workarounds

  • Network filtering (all): Filter malicious OTA registration messages at network perimeter
  • Access control (all): Restrict OTA message sources to trusted network elements only

🧯 If You Can't Patch

  • Implement network monitoring for abnormal OTA message patterns
  • Isolate vulnerable devices in separate network segments with restricted OTA message sources

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm advisory; monitor for unexpected service disruptions after OTA registration messages

Check Version:

Device-specific commands vary by manufacturer; typically: adb shell getprop ro.build.version.security_patch (Android) or manufacturer-specific firmware check

Verify Fix Applied:

Verify firmware version matches patched version in Qualcomm bulletin; test OTA registration processing

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • Failed registration attempts
  • OTA message processing errors

Network Indicators:

  • Abnormal OTA message patterns
  • Multiple registration requests from single source
  • Malformed ciphering key data in OTA messages

SIEM Query:

search 'OTA registration' AND (error OR failure OR reboot) within 5 minutes
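
The query above is written in no particular SIEM dialect. The following is an added example, not part of the original page or of any vendor tooling, showing the same correlation in Python: per device, flag error, failure or reboot events that occur within 5 minutes of an OTA registration event. The log line format, device names and sample lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # window taken from the query above
FAULT = re.compile(r"\b(error|failure|reboot)\b", re.I)
LINE = re.compile(r"^(\S+) device=(\S+) msg=(.*)$")  # constructed log format

# Constructed sample lines; real modem or core-network logs will differ.
SAMPLE = """\
2025-05-12T10:00:03Z device=ue-017 msg=OTA registration accept received
2025-05-12T10:00:04Z device=ue-017 msg=OTA registration processing error: ciphering key data
2025-05-12T10:00:09Z device=ue-017 msg=modem subsystem reboot
2025-05-12T10:01:00Z device=ue-042 msg=OTA registration accept received
2025-05-12T10:20:00Z device=ue-042 msg=scheduled reboot
2025-05-12T10:30:00Z device=ue-099 msg=battery error
"""

def parse(line):
    """Split one line into (timestamp, device, message); None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3)

def correlate(text, window=WINDOW):
    """Return {device: [fault messages]} for faults seen within `window`
    of that device's most recent OTA registration event."""
    last_reg = {}  # device -> time of most recent OTA registration event
    hits = {}
    for ts, dev, msg in sorted(filter(None, map(parse, text.splitlines()))):
        if "OTA registration" in msg:
            last_reg[dev] = ts
        if FAULT.search(msg) and dev in last_reg and ts - last_reg[dev] <= window:
            hits.setdefault(dev, []).append(msg)
    return hits

if __name__ == "__main__":
    for device, faults in correlate(SAMPLE).items():
        print(device, faults)
```

Faults with no preceding registration event, or outside the window (ue-099 and ue-042 in the sample), are not reported, which keeps routine reboots out of the alert.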
