PUBLISHED DATE: May 6, 2025CVE-2024-49846:
Memory Corruption Vulnerability

CVSS:

9.1

EPSS:

4.80%

Exploitability:

3.9

In KEV:

No

Description

Memory corruption while decoding of OTA messages from T3448 IE.

Products

Qualcomm AR8035 Firmware
Qualcomm FASTCONNECT 7800 FIRMWARE -
Qualcomm QCA6574AU Firmware
Qualcomm QCA6595AU Firmware
Qualcomm QCA6678AQ FIRMWARE -
Qualcomm QCA6688AQ Firmware
Qualcomm QCA6698AQ FIRMWARE -
Qualcomm QCA8081 Firmware
Qualcomm QCA8337 Firmware
Qualcomm QCC710 Firmware
Qualcomm QCN6224 Firmware
Qualcomm QCN6274 Firmware
Qualcomm QFW7114 Firmware
Qualcomm QFW7124 Firmware
Qualcomm SDX80M Firmware
Qualcomm SM8750 Firmware
Qualcomm SM8750P Firmware
Qualcomm Snapdragon Auto 5g Modem-RFGen 2 Firmware
Qualcomm Snapdragon W5+ Gen 1 Wearable Firmware
Qualcomm Snapdragon X72 5G MODEM-RF System Firmware
Qualcomm Snapdragon X75 5G Modem-RF System Firmware
Qualcomm SW5100 Firmware
Qualcomm SW5100P Firmware
Qualcomm WCD9340 Firmware
Qualcomm WCD9395 Firmware
Qualcomm WSA8830 Firmware
Qualcomm WSA8832 Firmware
Qualcomm WSA8835 Firmware
Qualcomm WSA8840 Firmware
Qualcomm WSA8845 Firmware
Qualcomm WSA8845H Firmware

Questions to Ask Vendors

Can you confirm whether your systems are affected by CVE-2024-49846, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2024-49846 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

Check out the advisory links provided below.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-49846

Ready to get results you can trust?