CVE-2024-49829
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
Memory corruption can occur during context user dumps due to inadequate checks on buffer length.
Analysis
Memory corruption can occur during context user dumps due to inadequate checks on buffer length. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Technical Context
This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Memory corruption can occur during context user dumps due to inadequate checks on buffer length. Affected products include: Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Sdm429W Firmware, Qualcomm Snapdragon 429 Mobile Firmware, Qualcomm Snapdragon 8 Gen 1 Mobile Firmware.
Affected Products
Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Sdm429W Firmware, Qualcomm Snapdragon 429 Mobile Firmware, Qualcomm Snapdragon 8 Gen 1 Mobile Firmware.
Remediation
A vendor patch is available. Apply the latest security update as soon as possible. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today