DOS Vulnerability in Qualcomm Products Due to Ciphering Key Issues
CVE-2024-49847

7.5HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 6 May 2025

What is CVE-2024-49847?

A vulnerability has been identified in Qualcomm chipsets that can lead to a transient Denial of Service during the processing of registration acceptance Over-The-Air (OTA) updates. This issue arises from improper handling of ciphering key data, which can be exploited to disrupt normal operations. Users and organizations utilizing affected Qualcomm products should monitor security updates and apply patches to mitigate potential risks.

Affected Version(s)

Snapdragon Snapdragon Auto AR8035

Snapdragon Snapdragon Auto FastConnect 7800

Snapdragon Snapdragon Auto QCA6574AU

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2025
Vulnerability Reserved
Oct 20, 2024