CVE-2024-49839
Published: 03 February 2025
Summary
CVE-2024-49839 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Ar8035 Firmware. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the memory corruption vulnerability by requiring timely application of Qualcomm patches specified in their February 2025 security bulletin.
Requires validation of incoming management frames and T2LM information elements to prevent processing of malformed data leading to buffer over-reads.
Implements memory protection mechanisms like address space layout randomization and stack canaries to mitigate exploitation of the out-of-bounds read memory corruption.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated network exploitation of management frame processing in Qualcomm wireless components directly maps to public-facing application exploitation; buffer over-read enables info disclosure/DoS impact.
NVD Description
Memory corruption during management frame processing due to mismatch in T2LM info element.
Deeper analysisAI
CVE-2024-49839 is a memory corruption vulnerability stemming from a mismatch in the T2LM information element during management frame processing. It affects components in Qualcomm products, as detailed in their security bulletin. The issue is associated with CWE-126 (Buffer Over-read) and CWE-125 (Out-of-bounds Read), earning a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L), indicating high severity due to its network accessibility and potential for significant confidentiality impact.
A remote, unauthenticated attacker can exploit this vulnerability by sending crafted management frames over the network with low complexity and no user interaction required. Successful exploitation could result in high-impact confidentiality violations, such as disclosure of sensitive information through memory corruption, alongside a low-impact availability disruption, potentially enabling denial-of-service conditions.
Qualcomm's February 2025 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2025-bulletin.html provides details on affected products and recommended mitigations or patches.
Details
- CWE(s)