Denial of Service Vulnerability in Snapdragon Mobile Modem by Qualcomm
CVE-2022-25691

7.5HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon Mobile
Vendor: CVE Published:; 13 December 2022

What is CVE-2022-25691?

This vulnerability pertains to a denial of service issue in Qualcomm's Snapdragon mobile modems. It arises from a reachable assertion that occurs while processing SIB1 with invalid SCS (Subcarrier Spacing) and bandwidth settings. This flaw could potentially lead to service disruptions, preventing users from effectively utilizing mobile connectivity. Organizations using affected Snapdragon modems should be aware of this issue and take necessary precautions to mitigate risks associated with invalid configurations.

Affected Version(s)

Snapdragon Mobile AR8035

Snapdragon Mobile QCA8081

Snapdragon Mobile QCA8337

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Feb 22, 2022