CVE-2024-49837
Published: 03 February 2025
Summary
CVE-2024-49837 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Qualcomm Qam8255P Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces validation of array indices and other inputs when reading CPU state data during guest VM suspend, preventing the memory corruption from improper validation.
Requires timely identification, reporting, and correction of flaws like CVE-2024-49837 through vendor patches from Qualcomm's security bulletin.
Implements memory protection mechanisms that mitigate the impact of memory corruption resulting from invalid array index access during VM suspend.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local memory corruption (array index validation failure) during VM suspend enables arbitrary code execution from low-privileged context, directly mapping to exploitation for privilege escalation on the host.
NVD Description
Memory corruption while reading CPU state data during guest VM suspend.
Deeper analysisAI
CVE-2024-49837 is a memory corruption vulnerability, classified under CWE-129 (Improper Validation of Array Index), that occurs while reading CPU state data during guest VM suspend operations. It affects Qualcomm software components, as documented in their February 2025 security bulletin. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N). Successful exploitation allows the attacker to achieve high levels of confidentiality, integrity, and availability impacts (C:H/I:H/A:H) within the same security scope (S:U), potentially leading to arbitrary code execution or system compromise on the affected host during guest VM suspend processes.
Mitigation details and patches are outlined in Qualcomm's February 2025 security bulletin, available at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html. Security practitioners should consult this advisory for specific remediation steps tailored to impacted products.
Details
- CWE(s)