#VU67074 Integer overflow in Qualcomm products - CVE-2022-22089
Published: September 8, 2022
Vulnerability identifier: #VU67074
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-22089
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AR8035
QCA8081
QCA8337
SD 8 Gen1 5G
SDX65
SW5100
SW5100P
WCD9370
WCD9375
WCD9380
WCD9385
WCN3980
WCN3988
WCN6750
WCN6855
WCN6856
WCN7851
WSA8830
WSA8835
SM7450
SM8475
SM8475P
WSA8832
AR8035
QCA8081
QCA8337
SD 8 Gen1 5G
SDX65
SW5100
SW5100P
WCD9370
WCD9375
WCD9380
WCD9385
WCN3980
WCN3988
WCN6750
WCN6855
WCN6856
WCN7851
WSA8830
WSA8835
SM7450
SM8475
SM8475P
WSA8832
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the audio module when processing records. A remote attacker can trick the victim to play a specially crafted file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.