CVE-2024-49848
published 2025-04-07CVE-2024-49848: Memory corruption while processing multiple IOCTL calls from HLOS to DSP.
PriorityP431medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.13%
3.0th percentile
Memory corruption while processing multiple IOCTL calls from HLOS to DSP.
Affected
148 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2024-49848: Kernel
vendor_android·2025-04-01·CVSS 6.7
CVE-2024-49848 [MEDIUM] CVE-2024-49848: Kernel
Android Security Bulletin 2025-04-01
CVE: CVE-2024-49848
Severity: HIGH
Component: Kernel
References: A-388048362
QC-CR#3908517
GHSA
GHSA-3pq5-82wc-xqgh: Memory corruption while processing multiple IOCTL calls from HLOS to DSP
ghsa_unreviewed·2025-04-07
CVE-2024-49848 [MEDIUM] CWE-416 GHSA-3pq5-82wc-xqgh: Memory corruption while processing multiple IOCTL calls from HLOS to DSP
Memory corruption while processing multiple IOCTL calls from HLOS to DSP.
Project0
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - Project Zero
project_zero·2024-12-01
CVE-2024-21455 The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - Project Zero
Posted by Seth Jenkins, Google Project Zero
This blog post provides a technical analysis of exploit artifacts provided to us by Google's Threat Analysis Group (TAG) from Amnesty International. Amnesty’s report on these exploits is available here. Thanks to both Amnesty International and Google's Threat Analysis Group for providing the artifacts and collaborating on the subsequent technical analysis!
## Introduction
Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered,
No detection rules found.
No public exploits indexed.
2025-04-07
Published