Buffer over-read in Qualcomm products - CVE-2022-33287
Published: April 3, 2023
Vulnerability identifier: #VU74323
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-33287
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
9205 LTE Modem
9206 LTE Modem
9207 LTE Modem
AR8031
CSRA6620
CSRA6640
FastConnect 6200
FastConnect 6900
FastConnect 7800
Home Hub 100 Platform
MDM8207
QCA4004
QCA4010
QCA4024
QTS110
Smart Audio 400 Platform
Snapdragon 1100 Wearable Platform
Snapdragon 1200 Wearable Platform
Snapdragon AR2 Gen 1 Platform
Snapdragon Wear 1300 Platform
Snapdragon X5 LTE Modem
SSG2115P
SSG2125P
SXR1230P
SXR2230P
WCD9306
WCD9330
WCD9335
WCD9380
WCD9385
WCN3980
WCN3999
WSA8810
WSA8815
WSA8830
WSA8835
WSA8832
9205 LTE Modem
9206 LTE Modem
9207 LTE Modem
AR8031
CSRA6620
CSRA6640
FastConnect 6200
FastConnect 6900
FastConnect 7800
Home Hub 100 Platform
MDM8207
QCA4004
QCA4010
QCA4024
QTS110
Smart Audio 400 Platform
Snapdragon 1100 Wearable Platform
Snapdragon 1200 Wearable Platform
Snapdragon AR2 Gen 1 Platform
Snapdragon Wear 1300 Platform
Snapdragon X5 LTE Modem
SSG2115P
SSG2125P
SXR1230P
SXR2230P
WCD9306
WCD9330
WCD9335
WCD9380
WCD9385
WCN3980
WCN3999
WSA8810
WSA8815
WSA8830
WSA8835
WSA8832
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Modem. A remote attacker can read and manipulate data.
Remediation
Install security update from vendor's website.