Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

CVE-2024-49835 – Out-of-bounds Write in SPS Applications (8th May 2025)

Leave a comment

Preface: Semi-Persistent Scheduling (SPS) is used in LTE and 5G networks to reduce control channel overhead for applications requiring persistent radio resource allocations, such as VoIP and VoLTE . The memory usage for SPS on Android devices can vary based on several factors, including the specific implementation and the network conditions.

A method and apparatus for determining validity of a semi-persistent scheduling (SPS) resource across multiple cells in a wireless communication system is provided. A user equipment (UE) receives a SPS resource configuration including time information related to validity of the SPS resource configuration from a network, and determines whether the SPS resource configuration is valid or not according to the time information.

Background: Semi-Persistent Scheduling (SPS) Workflow

  1. The RF module in the Snapdragon chip receives the SPS resource configuration from the network. This configuration includes time information related to the validity of the SPS resource.
  2. The Physical Layer (PHY) processes the received configuration to determine its validity based on the time information provided.
  3. If the configuration is valid, the Medium Access Control (MAC) layer handles the allocation of radio resources for multiple consecutive Transmission Time Intervals (TTIs). This reduces the need for frequent scheduling decisions and signaling overhead.
  4. The MAC layer coordinates with the Radio Link Control (RLC) layer to manage data transmission using the allocated resources. The RLC layer ensures data integrity and proper sequencing.
  5. The Digital Signal Processor (DSP) and Application Processor within the Snapdragon chip are responsible for executing the scheduling algorithms and managing the data flow.The configuration and scheduling information are stored in the shared memory accessible by both the DSP and the application processor.

Vulnerability details: Out-of-bounds Write in SPS Applications. Memory corruption while reading secure file. This is a type of memory access error that occurs when a program writes data from a memory address outside of the bounds of a buffer. This can result in the program writing data that does not belong to it, which can cause crashes, incorrect behavior, or even security vulnerabilities.

Official announcement: For details, please refer to the link –https://nvd.nist.gov/vuln/detail/cve-2024-49835

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.