Denial of Service Vulnerability in Qualcomm Snapdragon Products
CVE-2022-25710

7.5HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon Auto, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Voice & Music
Vendor: CVE Published:; 15 November 2022

What is CVE-2022-25710?

This vulnerability affects multiple Qualcomm Snapdragon products, causing a denial of service condition due to a null pointer dereference when the GATT (Generic Attribute Profile) connection is disconnected. This issue has implications for device stability and user experience, particularly in environments reliant on consistent connectivity like automotive and IoT applications.

Affected Version(s)

Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music APQ8009

Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music APQ8017

Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music APQ8096AU

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Feb 22, 2022