Buffer Overflow in Snapdragon Products by Qualcomm
CVE-2022-22072

7.8HIGH

Key Information:

Vendor
Qualcomm
Status
Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Voice & Music
Vendor
CVE Published:
14 June 2022

Summary

A buffer overflow vulnerability has been identified in Qualcomm's Snapdragon product line due to improper validation of Neighbor Discovery Protocol (NDP) application information length. This flaw affects multiple Snapdragon-based applications across various platforms, potentially allowing an attacker to execute arbitrary code or crash the system. Users of affected Snapdragon products should prioritize updating to the latest firmware to mitigate risks associated with this vulnerability.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music APQ8009, APQ8017, APQ8053, APQ8096AU, AR8031, CSRA6620, CSRA6640, MDM9150, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9650, MSM8937, PM8937, QCA4020, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA9367, QCA9377, QCA9379, QCS405, QCS603, QCS605, SA515M, SD670, SD710, SD820, SD835, SD845, SDX12, SDX20, SDX24, SDXR1, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3980, WCN3990, WCN3998, WCN3999, WSA8810, WSA8815

References

https://www.qualcomm.com/company/product-security/bulleti...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.