Information Disclosure in Snapdragon Products by Qualcomm
CVE-2022-25662

5.3MEDIUM

Key Information:

Vendor
Qualcomm
Status
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wearables
Vendor
CVE Published:
19 October 2022

Summary

This vulnerability arises from an untrusted pointer dereference in the kernel across various Qualcomm Snapdragon platforms. It could potentially allow an attacker to gain unauthorized access to sensitive information, thereby compromising the integrity of the system. Affected devices include those in diverse sectors such as automotive, consumer electronics, IoT, and mobile applications. Users of these products are advised to stay informed and apply recommended security updates promptly.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables APQ8096AU, MSM8996AU, QAM8295P, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCC5100, QCS410, QCS610, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD429, SD710, SD778G, SD780G, SD835, SD845, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDX55M, SDXR1, SDXR2 5G, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.