CVE-2022-33214

8.4HIGH

Key Information:

Vendor
Qualcomm
Status
Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wearables
Vendor
CVE Published:
19 October 2022

Summary

Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables AQT1000, QAM8295P, QCA6390, QCA6391, QCA6420, QCA6430, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN7606, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 675, SD 8 Gen1 5G, SD439, SD460, SD480, SD660, SD662, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDX50M, SDX55, SDX55M, SM4125, SM4375, SM6250, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.