Memory Corruption in Snapdragon IoT and Audio Products by Qualcomm
CVE-2022-25727

9.8CRITICAL

Key Information:

Vendor: Qualcomm
Status: Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Voice & Music
Vendor: CVE Published:; 15 November 2022

What is CVE-2022-25727?

This vulnerability involves memory corruption in Qualcomm's Snapdragon platform due to an improper length check while copying data into memory. This issue affects various products in the Snapdragon Consumer IoT, Industrial IoT, and Voice & Music categories. When exploited, it could lead to unexpected behavior, potentially exposing systems to further risks.

Affected Version(s)

Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music AR8031

Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music CSRA6620

Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music CSRA6640

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Feb 22, 2022