Use-after-free in Qualcomm products - CVE-2022-22090

 

Use-after-free in Qualcomm products - CVE-2022-22090

Published: June 7, 2022


Vulnerability identifier: #VU64045
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-22090
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Qualcomm
Affected software:
SD 8 Gen1 5G
SD865 5G
SD888 5G
SDX65
WCD9370
WCD9375
WCD9380
WCD9385
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WCN7850
WCN7851
WSA8810
WSA8815
WSA8830
WSA8835
SM7450
SM8475
SM8475P
WSA8832

Detailed vulnerability description

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error while managing buffers from internal cache in Audio. A local attacker can execute arbitrary code on the target system.


How to mitigate CVE-2022-22090

Install updates from vendor's website.

Sources