Buffer Over-Read Vulnerability in Qualcomm Snapdragon Products
CVE-2022-33268

8.2HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Vendor: CVE Published:; 13 December 2022

Summary

A vulnerability exists in Qualcomm's Snapdragon product line that allows for information disclosure via a buffer over-read during the Bluetooth pairing and connection process with A2DP. This issue affects multiple Snapdragon variants, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables, potentially exposing sensitive data during Bluetooth interactions.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables APQ8009

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables APQ8017

Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables AR8031

References

https://www.qualcomm.com/company/product-security/bulleti...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Jun 14, 2022