#VU108702 Buffer over-read in Qualcomm products - CVE-2024-49846
Published: May 6, 2025
Vulnerability identifier: #VU108702
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-49846
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AR8035
FastConnect 7800
QCA6595AU
QCA6678AQ
QCA6688AQ
QCA6698AQ
QCA8081
QCA8337
QCC710
QCN6224
QCN6274
QFW7114
QFW7124
SDX80M
SM8750
SM8750P
Snapdragon Auto 5G Modem-RF Gen 2
Snapdragon W5+ Gen 1 Wearable Platform
Snapdragon X72 5G Modem-RF System
Snapdragon X75 5G Modem-RF System
SW5100
SW5100P
WCD9340
WCD9395
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H
QCA6574AU
WSA8832
AR8035
FastConnect 7800
QCA6595AU
QCA6678AQ
QCA6688AQ
QCA6698AQ
QCA8081
QCA8337
QCC710
QCN6224
QCN6274
QFW7114
QFW7124
SDX80M
SM8750
SM8750P
Snapdragon Auto 5G Modem-RF Gen 2
Snapdragon W5+ Gen 1 Wearable Platform
Snapdragon X72 5G Modem-RF System
Snapdragon X75 5G Modem-RF System
SW5100
SW5100P
WCD9340
WCD9395
WSA8830
WSA8835
WSA8840
WSA8845
WSA8845H
QCA6574AU
WSA8832
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Multi-Mode Call Processor. A remote attacker can read and manipulate data.
Remediation
Install security update from vendor's website.