#VU71027 Buffer over-read in Qualcomm products - CVE-2022-33255

Vulnerability identifier: #VU71027

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-33255

CWE-ID: CWE-126

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
APQ8009
QCA6574AU
QCS405
QCS605
SA6155P
SD205
SD210
SD625
SD835
SD845
SDM429W
AR8031
CSRA6620
CSRA6640
MSM8108
MSM8208
MSM8209
MSM8608
QCA6310
QCA6320
QCA6335
QCA6390
QCA6391
QCA6421
QCA6426
QCA6431
QCA6436
QCA6574
QCA6574A
QCA6595
QCA6595AU
QCA6696
QCC5100
QCM6125
QCN9011
QCN9012
QCN9074
QCS410
QCS610
QCS6125
QRB5165
QRB5165M
QRB5165N
Qualcomm215
SA6145P
SA6150P
SA6155
SA8145P
SA8150P
SA8155
SA8155P
SA8195P
SD 8 Gen1 5G
SD429
SD439
SD626
SD660
SD865 5G
SD870
SDX55M
SDXR1
SDXR2 5G
SW5100
SW5100P
WCD9326
WCD9335
WCD9340
WCD9341
WCD9370
WCD9380
WCD9385
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3680B
WCN3950
WCN3980
WCN3988
WCN3990
WCN3998
WCN6850
WCN6851
WCN6855
WCN6856
WCN7850
WCN7851
WSA8810
WSA8815
WSA8830
WSA8835

Software vendor:
Qualcomm

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Bluetooth HOST. A remote attacker can read and manipulate data.

Install security update from vendor's website.

• https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html