Memory Corruption Vulnerability in Snapdragon Connectivity and Mobile by Qualcomm
CVE-2022-25708

9.8CRITICAL

Key Information:

Vendor: Qualcomm
Status: Snapdragon Connectivity, Snapdragon Mobile
Vendor: CVE Published:; 16 September 2022

What is CVE-2022-25708?

A vulnerability exists in the Snapdragon Connectivity and Mobile products due to memory corruption caused by improper handling of buffer sizes during key parsing operations. This security flaw may allow an attacker to exploit the memory management, leading to unauthorized access or disruption in network services. Proper validation of input sizes is critical to prevent such vulnerabilities.

Affected Version(s)

Snapdragon Connectivity, Snapdragon Mobile SD 8 Gen1 5G, SD888 5G, SM7450, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8832, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Feb 22, 2022