cvelistv5 - cve-2024-49832

CVE-2024-49832 (GCVE-0-2024-49832)

Vulnerability from cvelistv5

Published

2025-02-03 16:51

Modified

2025-02-03 17:34

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-129 - Improper Validation of Array Index

Summary

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

References

URL

Tags

https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon	Version: FastConnect 6900 Version: FastConnect 7800 Version: QCS6490 Version: Qualcomm Video Collaboration VC3 Platform Version: SDM429W Version: SM8750 Version: SM8750P Version: Snapdragon 429 Mobile Platform Version: Snapdragon 8 Gen 1 Mobile Platform Version: Snapdragon 8 Gen 3 Mobile Platform Version: WCD9380 Version: WCD9390 Version: WCD9395 Version: WCN3620 Version: WCN3660B Version: WCN7860 Version: WCN7861 Version: WCN7880 Version: WCN7881 Version: WSA8830 Version: WSA8832 Version: WSA8835 Version: WSA8840 Version: WSA8845 Version: WSA8845H

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-03T17:34:07.617489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-03T17:34:15.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "SDM429W"
            },
            {
              "status": "affected",
              "version": "SM8750"
            },
            {
              "status": "affected",
              "version": "SM8750P"
            },
            {
              "status": "affected",
              "version": "Snapdragon 429 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3620"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WCN7860"
            },
            {
              "status": "affected",
              "version": "WCN7861"
            },
            {
              "status": "affected",
              "version": "WCN7880"
            },
            {
              "status": "affected",
              "version": "WCN7881"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption in Camera due to unusually high number of nodes passed to AXI port."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129 Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T16:51:33.100Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html"
        }
      ],
      "title": "Improper Validation of Array Index in Camera"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2024-49832",
    "datePublished": "2025-02-03T16:51:33.100Z",
    "dateReserved": "2024-10-20T17:18:43.214Z",
    "dateUpdated": "2025-02-03T17:34:15.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-AVI-0091

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.

Google indique que la vulnérabilité CVE-2024-53104 est activement exploitée dans le cadre d'attaques ciblées.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Google	Android	Android versions 12, 12L, 13, 14 et 15 sans le correctif de sécurité du 3 février 2025

References

Title

Publication Time

Tags

Bulletin de sécurité Google Android

2025-02-03

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Android versions 12, 12L, 13, 14 et 15 sans le correctif de s\u00e9curit\u00e9 du 3 f\u00e9vrier 2025",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0094"
    },
    {
      "name": "CVE-2024-49721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49721"
    },
    {
      "name": "CVE-2024-49723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49723"
    },
    {
      "name": "CVE-2024-49839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49839"
    },
    {
      "name": "CVE-2024-49746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49746"
    },
    {
      "name": "CVE-2023-40136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40136"
    },
    {
      "name": "CVE-2025-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0015"
    },
    {
      "name": "CVE-2024-47892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47892"
    },
    {
      "name": "CVE-2024-45582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45582"
    },
    {
      "name": "CVE-2023-40138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40138"
    },
    {
      "name": "CVE-2023-40135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40135"
    },
    {
      "name": "CVE-2024-49843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49843"
    },
    {
      "name": "CVE-2023-40139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40139"
    },
    {
      "name": "CVE-2023-40122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40122"
    },
    {
      "name": "CVE-2025-0088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0088"
    },
    {
      "name": "CVE-2024-49832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49832"
    },
    {
      "name": "CVE-2024-49729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49729"
    },
    {
      "name": "CVE-2025-20635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20635"
    },
    {
      "name": "CVE-2025-0097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0097"
    },
    {
      "name": "CVE-2025-0091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0091"
    },
    {
      "name": "CVE-2024-49743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49743"
    },
    {
      "name": "CVE-2024-52935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52935"
    },
    {
      "name": "CVE-2024-46973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46973"
    },
    {
      "name": "CVE-2024-20141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20141"
    },
    {
      "name": "CVE-2024-39441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39441"
    },
    {
      "name": "CVE-2023-40134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40134"
    },
    {
      "name": "CVE-2024-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0037"
    },
    {
      "name": "CVE-2024-45571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45571"
    },
    {
      "name": "CVE-2024-45569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45569"
    },
    {
      "name": "CVE-2025-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0096"
    },
    {
      "name": "CVE-2024-49833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49833"
    },
    {
      "name": "CVE-2025-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0095"
    },
    {
      "name": "CVE-2023-40137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40137"
    },
    {
      "name": "CVE-2024-43705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43705"
    },
    {
      "name": "CVE-2024-53104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
    },
    {
      "name": "CVE-2025-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0099"
    },
    {
      "name": "CVE-2025-20636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20636"
    },
    {
      "name": "CVE-2024-49834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49834"
    },
    {
      "name": "CVE-2024-20142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20142"
    },
    {
      "name": "CVE-2023-40133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40133"
    },
    {
      "name": "CVE-2025-0100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0100"
    },
    {
      "name": "CVE-2024-38404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38404"
    },
    {
      "name": "CVE-2025-20634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20634"
    },
    {
      "name": "CVE-2025-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0098"
    },
    {
      "name": "CVE-2024-38420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38420"
    },
    {
      "name": "CVE-2024-49741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49741"
    }
  ],
  "initial_release_date": "2025-02-04T00:00:00",
  "last_revision_date": "2025-02-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0091",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2024-53104 est activement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": "2025-02-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Google Android",
      "url": "https://source.android.com/docs/security/bulletin/2025-02-01?hl=fr"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-49832 (GCVE-0-2024-49832)

Vulnerability from cvelistv5

CERTFR-2025-AVI-0091

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature