Information Disclosure Vulnerability in Snapdragon Products by Qualcomm
CVE-2022-25653

6.8MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wearables
Vendor: CVE Published:; 16 September 2022

Summary

This vulnerability allows for information disclosure due to a buffer over-read while processing AVI files. It specifically impacts a range of Qualcomm's Snapdragon products, potentially allowing malicious entities to exploit the flaw for unauthorized data access.

Affected Version(s)

Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables APQ8053, AQT1000, MSM8953, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCM4290, QCM6490, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, Qualcomm215, SD 675, SD 8 Gen1 5G, SD429, SD460, SD480, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Feb 22, 2022