Memory Corruption Vulnerability in Snapdragon Products by Qualcomm
CVE-2022-25748

9.8CRITICAL

Key Information:

Vendor: Qualcomm
Status: Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Iot, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure And Networking
Vendor: CVE Published:; 19 October 2022

Summary

A vulnerability exists in Qualcomm's Snapdragon product line, stemming from memory corruption triggered by an integer overflow during the processing of GTK frames. This flaw affects a wide range of Snapdragon variants, including those utilized in automotive, connectivity, consumer electronics, IoT, and mobile applications. Exploiting this vulnerability may enable attackers to execute malicious code or disrupt system operations, underscoring the importance of timely updates and security measures.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking APQ8009

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2022
Vulnerability Reserved
Feb 22, 2022