Memory Corruption in Snapdragon Products by Qualcomm
CVE-2022-25712

6.7MEDIUM

Key Information:

Vendor: Qualcomm
Status: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Iot, Snapdragon Mobile, Snapdragon Wearables
Vendor: CVE Published:; 13 December 2022

Summary

A memory corruption vulnerability has been identified in various Qualcomm Snapdragon products, including Snapdragon Auto, Compute, Consumer IoT, Mobile, and Wearables. This issue arises from insufficient checking of input sizes during buffer copying operations, which could potentially lead to unauthorized access or modification of system memory. Exploitation of this vulnerability may compromise the integrity and availability of affected devices, necessitating immediate attention from users and device manufacturers.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables AQT1000

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables MDM9150

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables QCA6310

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Feb 22, 2022