Transient DOS via Incorrect Cipher Key in OTA Registration (IE)
CVE-2024-49847 Published on May 6, 2025
Buffer Over-read in Multi-Mode Call Processor
Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.
Vulnerability Analysis
CVE-2024-49847 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Buffer Over-read
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.
Products Associated with CVE-2024-49847
stack.watch emails you whenever new vulnerabilities are published in Google Android or Microsoft Internet Explorer (IE). Just hit a watch button to start following.
Affected Versions
Qualcomm, Inc. Snapdragon:- Version AR8035 is affected.
- Version FastConnect 7800 is affected.
- Version QCA6574AU is affected.
- Version QCA6584AU is affected.
- Version QCA6595AU is affected.
- Version QCA6678AQ is affected.
- Version QCA6688AQ is affected.
- Version QCA6698AQ is affected.
- Version QCA8081 is affected.
- Version QCA8337 is affected.
- Version QCC710 is affected.
- Version QCN6224 is affected.
- Version QCN6274 is affected.
- Version QFW7114 is affected.
- Version QFW7124 is affected.
- Version SDM429W is affected.
- Version SDX80M is affected.
- Version SM7675 is affected.
- Version SM7675P is affected.
- Version SM8635 is affected.
- Version SM8635P is affected.
- Version SM8650Q is affected.
- Version SM8750 is affected.
- Version SM8750P is affected.
- Version Snapdragon 429 Mobile Platform is affected.
- Version Snapdragon 8 Gen 3 Mobile Platform is affected.
- Version Snapdragon Auto 5G Modem-RF Gen 2 is affected.
- Version Snapdragon Wear 4100+ Platform is affected.
- Version Snapdragon X72 5G Modem-RF System is affected.
- Version Snapdragon X75 5G Modem-RF System is affected.
- Version WCD9340 is affected.
- Version WCD9370 is affected.
- Version WCD9375 is affected.
- Version WCD9390 is affected.
- Version WCD9395 is affected.
- Version WCN3610 is affected.
- Version WCN3620 is affected.
- Version WCN3660B is affected.
- Version WCN3680B is affected.
- Version WCN3980 is affected.
- Version WCN6755 is affected.
- Version WSA8830 is affected.
- Version WSA8832 is affected.
- Version WSA8835 is affected.
- Version WSA8840 is affected.
- Version WSA8845 is affected.
- Version WSA8845H is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.