WLAN Memory Corruption in Qualcomm Snapdragon Products
CVE-2022-25720

9.8CRITICAL

Key Information:

Vendor

Qualcomm
Status
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Vendor
CVE Published:
19 October 2022

What is CVE-2022-25720?

A memory corruption vulnerability exists in WLAN implementation within various Qualcomm Snapdragon products, triggered by out of bound array access during connection and roaming processes. This flaw potentially allows an attacker to exploit the vulnerability, leading to unexpected behavior or impacts on device performance.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables APQ8009

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables APQ8009W

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables APQ8017

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.