Lucene search

QualcommCVE-2022-33292

HistoryMay 02, 2023 - 6:15 a.m.

CVE-2022-33292

2023-05-0206:15:09

CWE-416

qualcomm

web.nvd.nist.gov

cve-2022-33292

memory corruption

qualcomm ipc

use after free

security vulnerability

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.

Affected configurations

Nvd

Node

qualcommsg4150p_firmwareMatch-

AND

qualcommsg4150pMatch-

Node

qualcommsm6225_firmwareMatch-

AND

qualcommsm6225Match-

Node

qualcommsm6225-ad_firmwareMatch-

AND

qualcommsm6225-adMatch-

Node

qualcommwcd9370_firmwareMatch-

AND

qualcommwcd9370Match-

Node

qualcommwcd9375_firmwareMatch-

AND

qualcommwcd9375Match-

Node

qualcommwcn3950_firmwareMatch-

AND

qualcommwcn3950Match-

Node

qualcommwcn3988_firmwareMatch-

AND

qualcommwcn3988Match-

Node

qualcommwsa8810_firmwareMatch-

AND

qualcommwsa8810Match-

VendorProductVersionCPE
qualcommsg4150p_firmware-cpe:2.3:o:qualcomm:sg4150p_firmware:-:*:*:*:*:*:*:*
qualcommsg4150p-cpe:2.3:h:qualcomm:sg4150p:-:*:*:*:*:*:*:*
qualcommsm6225_firmware-cpe:2.3:o:qualcomm:sm6225_firmware:-:*:*:*:*:*:*:*
qualcommsm6225-cpe:2.3:h:qualcomm:sm6225:-:*:*:*:*:*:*:*
qualcommsm6225-ad_firmware-cpe:2.3:o:qualcomm:sm6225-ad_firmware:-:*:*:*:*:*:*:*
qualcommsm6225-ad-cpe:2.3:h:qualcomm:sm6225-ad:-:*:*:*:*:*:*:*
qualcommwcd9370_firmware-cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
qualcommwcd9370-cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
qualcommwcd9375_firmware-cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
qualcommwcd9375-cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	sg4150p_firmware	-	cpe:2.3:o:qualcomm:sg4150p_firmware:-:::::::*
qualcomm	sg4150p	-	cpe:2.3:h:qualcomm:sg4150p:-:::::::*
qualcomm	sm6225_firmware	-	cpe:2.3:o:qualcomm:sm6225_firmware:-:::::::*
qualcomm	sm6225	-	cpe:2.3:h:qualcomm:sm6225:-:::::::*
qualcomm	sm6225-ad_firmware	-	cpe:2.3:o:qualcomm:sm6225-ad_firmware:-:::::::*
qualcomm	sm6225-ad	-	cpe:2.3:h:qualcomm:sm6225-ad:-:::::::*
qualcomm	wcd9370_firmware	-	cpe:2.3:o:qualcomm:wcd9370_firmware:-:::::::*
qualcomm	wcd9370	-	cpe:2.3:h:qualcomm:wcd9370:-:::::::*
qualcomm	wcd9375_firmware	-	cpe:2.3:o:qualcomm:wcd9375_firmware:-:::::::*
qualcomm	wcd9375	-	cpe:2.3:h:qualcomm:wcd9375:-:::::::*

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Compute",
      "Snapdragon Mobile"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "SG4150P"
      },
      {
        "status": "affected",
        "version": "Snapdragon 680 4G Mobile Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
      },
      {
        "status": "affected",
        "version": "WCD9370"
      },
      {
        "status": "affected",
        "version": "WCD9375"
      },
      {
        "status": "affected",
        "version": "WCN3950"
      },
      {
        "status": "affected",
        "version": "WCN3988"
      },
      {
        "status": "affected",
        "version": "WSA8810"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2022-33292