Memory Corruption Vulnerability in Qualcomm Snapdragon Products
CVE-2022-22074

8.4HIGH

Summary

A memory corruption vulnerability has been identified in Qualcomm Snapdragon products, which arises during the playback of wma files. This issue is caused by an integer overflow, potentially allowing attackers to exploit the affected components. The vulnerability impacts a range of Snapdragon products, underscoring the need for device manufacturers and users to remain vigilant against possible exploits. Regular updates and security patches are recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables APQ8009, APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8937, MSM8953, MSM8996AU, PM8937, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QRB5165, QRB5165M, QRB5165N, Qualcomm215, SA415M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD730, SD750G, SD765, SD765G, SD768G, SD780G, SD835, SD855, SD865 5G, SD870, SD888 5G, SDM429W, SDM630, SDW2500, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM7250P, SM7450, SM8475, SM8475P, SW5100, S ...[truncated*]

References

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.