Memory Corruption in Qualcomm Snapdragon Products
CVE-2022-25666

6.7MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure And Networking
Vendor: CVE Published:; 19 October 2022

Summary

A memory corruption vulnerability exists in Qualcomm's Snapdragon products due to a use-after-free error. This issue arises when multiple threads attempt to access shared resources, leading to potential exploitation. The affected products include a range of Snapdragon variants utilized in automotive, computing, consumer IoT, industrial IoT, mobile, wearable, and networking applications, making timely security patches essential for mitigating the risks associated with this vulnerability.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking APQ8096AU

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking AQT1000

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking AR9380

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Feb 22, 2022