Buffer over-read in Qualcomm products - CVE-2022-33297
Published: April 3, 2023
Vulnerability identifier: #VU74329
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-33297
CWE-ID: CWE-126
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
QCA6310
QCA6320
Snapdragon 835 Mobile Platform
WCD9335
WCD9340
WCD9341
WCN3990
WSA8810
WSA8815
SD835
QCA6310
QCA6320
Snapdragon 835 Mobile Platform
WCD9335
WCD9340
WCD9341
WCN3990
WSA8810
WSA8815
SD835
Detailed vulnerability description
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in Linux Sensors. A local application can read and manipulate data.
How to mitigate CVE-2022-33297
Install security update from vendor's website.