CVE-2022-25666

6.7MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure And Networking
Vendor: CVE Published:; 19 October 2022

Summary

Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking APQ8096AU

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking AQT1000

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking AR9380

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Feb 22, 2022