Vulnerability identifier: #VU61063
Vulnerability risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
AR8035
Mobile applications /
Mobile firmware & hardware
AR9380
Mobile applications /
Mobile firmware & hardware
CSR8811
Mobile applications /
Mobile firmware & hardware
CSRB31024
Mobile applications /
Mobile firmware & hardware
IPQ4018
Mobile applications /
Mobile firmware & hardware
IPQ4028
Mobile applications /
Mobile firmware & hardware
IPQ4029
Mobile applications /
Mobile firmware & hardware
IPQ5010
Mobile applications /
Mobile firmware & hardware
IPQ5018
Mobile applications /
Mobile firmware & hardware
IPQ5028
Mobile applications /
Mobile firmware & hardware
IPQ6010
Mobile applications /
Mobile firmware & hardware
IPQ6018
Mobile applications /
Mobile firmware & hardware
IPQ6028
Mobile applications /
Mobile firmware & hardware
IPQ8065
Mobile applications /
Mobile firmware & hardware
IPQ8068
Mobile applications /
Mobile firmware & hardware
IPQ8070
Mobile applications /
Mobile firmware & hardware
IPQ8070A
Mobile applications /
Mobile firmware & hardware
IPQ8071A
Mobile applications /
Mobile firmware & hardware
IPQ8072A
Mobile applications /
Mobile firmware & hardware
IPQ8074A
Mobile applications /
Mobile firmware & hardware
IPQ8076
Mobile applications /
Mobile firmware & hardware
IPQ8076A
Mobile applications /
Mobile firmware & hardware
IPQ8078
Mobile applications /
Mobile firmware & hardware
IPQ8078A
Mobile applications /
Mobile firmware & hardware
IPQ8173
Mobile applications /
Mobile firmware & hardware
IPQ8174
Mobile applications /
Mobile firmware & hardware
PMP8074
Mobile applications /
Mobile firmware & hardware
QCA4024
Mobile applications /
Mobile firmware & hardware
QCA6390
Mobile applications /
Mobile firmware & hardware
QCA6391
Mobile applications /
Mobile firmware & hardware
QCA6426
Mobile applications /
Mobile firmware & hardware
QCA6436
Mobile applications /
Mobile firmware & hardware
QCA6554A
Mobile applications /
Mobile firmware & hardware
QCA6564AU
Mobile applications /
Mobile firmware & hardware
QCA6574
Mobile applications /
Mobile firmware & hardware
QCA6574A
Mobile applications /
Mobile firmware & hardware
QCA6584AU
Mobile applications /
Mobile firmware & hardware
QCA6595
Mobile applications /
Mobile firmware & hardware
QCA6595AU
Mobile applications /
Mobile firmware & hardware
QCA6696
Mobile applications /
Mobile firmware & hardware
QCA7500
Mobile applications /
Mobile firmware & hardware
QCA8072
Mobile applications /
Mobile firmware & hardware
QCA8075
Mobile applications /
Mobile firmware & hardware
QCA8081
Mobile applications /
Mobile firmware & hardware
QCA8337
Mobile applications /
Mobile firmware & hardware
QCA9880
Mobile applications /
Mobile firmware & hardware
QCA9886
Mobile applications /
Mobile firmware & hardware
QCA9888
Mobile applications /
Mobile firmware & hardware
QCA9889
Mobile applications /
Mobile firmware & hardware
QCA9898
Mobile applications /
Mobile firmware & hardware
QCA9984
Mobile applications /
Mobile firmware & hardware
QCA9985
Mobile applications /
Mobile firmware & hardware
QCA9990
Mobile applications /
Mobile firmware & hardware
QCA9992
Mobile applications /
Mobile firmware & hardware
QCA9994
Mobile applications /
Mobile firmware & hardware
QCM6125
Mobile applications /
Mobile firmware & hardware
QCM6490
Mobile applications /
Mobile firmware & hardware
QCN5021
Mobile applications /
Mobile firmware & hardware
QCN5022
Mobile applications /
Mobile firmware & hardware
QCN5024
Mobile applications /
Mobile firmware & hardware
QCN5052
Mobile applications /
Mobile firmware & hardware
QCN5054
Mobile applications /
Mobile firmware & hardware
QCN5122
Mobile applications /
Mobile firmware & hardware
QCN5124
Mobile applications /
Mobile firmware & hardware
QCN5152
Mobile applications /
Mobile firmware & hardware
QCN5154
Mobile applications /
Mobile firmware & hardware
QCN5164
Mobile applications /
Mobile firmware & hardware
QCN6023
Mobile applications /
Mobile firmware & hardware
QCN6024
Mobile applications /
Mobile firmware & hardware
QCN6100
Mobile applications /
Mobile firmware & hardware
QCN6102
Mobile applications /
Mobile firmware & hardware
QCN6112
Mobile applications /
Mobile firmware & hardware
QCN6122
Mobile applications /
Mobile firmware & hardware
QCN9000
Mobile applications /
Mobile firmware & hardware
QCN9011
Mobile applications /
Mobile firmware & hardware
QCN9012
Mobile applications /
Mobile firmware & hardware
QCN9022
Mobile applications /
Mobile firmware & hardware
QCN9024
Mobile applications /
Mobile firmware & hardware
QCN9070
Mobile applications /
Mobile firmware & hardware
QCN9072
Mobile applications /
Mobile firmware & hardware
QCN9074
Mobile applications /
Mobile firmware & hardware
QCN9100
Mobile applications /
Mobile firmware & hardware
QCS6125
Mobile applications /
Mobile firmware & hardware
QCS6490
Mobile applications /
Mobile firmware & hardware
QRB5165
Mobile applications /
Mobile firmware & hardware
QRB5165M
Mobile applications /
Mobile firmware & hardware
QRB5165N
Mobile applications /
Mobile firmware & hardware
SA4150P
Mobile applications /
Mobile firmware & hardware
SA4155P
Mobile applications /
Mobile firmware & hardware
SA415M
Mobile applications /
Mobile firmware & hardware
SA515M
Mobile applications /
Mobile firmware & hardware
SA6145P
Mobile applications /
Mobile firmware & hardware
SA6150P
Mobile applications /
Mobile firmware & hardware
SA6155
Mobile applications /
Mobile firmware & hardware
SA8145P
Mobile applications /
Mobile firmware & hardware
SA8150P
Mobile applications /
Mobile firmware & hardware
SA8155
Mobile applications /
Mobile firmware & hardware
SA8155P
Mobile applications /
Mobile firmware & hardware
SA8195P
Mobile applications /
Mobile firmware & hardware
SD8Gen15G
Mobile applications /
Mobile firmware & hardware
SD460
Mobile applications /
Mobile firmware & hardware
SD480
Mobile applications /
Mobile firmware & hardware
SD662
Mobile applications /
Mobile firmware & hardware
SD765
Mobile applications /
Mobile firmware & hardware
SD765G
Mobile applications /
Mobile firmware & hardware
SD768G
Mobile applications /
Mobile firmware & hardware
SD778G
Mobile applications /
Mobile firmware & hardware
SD780G
Mobile applications /
Mobile firmware & hardware
SD8655G
Mobile applications /
Mobile firmware & hardware
SD870
Mobile applications /
Mobile firmware & hardware
SD8885G
Mobile applications /
Mobile firmware & hardware
SDX55M
Mobile applications /
Mobile firmware & hardware
SDX65
Mobile applications /
Mobile firmware & hardware
SDXR25G
Mobile applications /
Mobile firmware & hardware
SM6225
Mobile applications /
Mobile firmware & hardware
SM6375
Mobile applications /
Mobile firmware & hardware
SM7250P
Mobile applications /
Mobile firmware & hardware
SM7315
Mobile applications /
Mobile firmware & hardware
SM7325P
Mobile applications /
Mobile firmware & hardware
SW5100
Mobile applications /
Mobile firmware & hardware
SW5100P
Mobile applications /
Mobile firmware & hardware
WCD9360
Mobile applications /
Mobile firmware & hardware
WCD9370
Mobile applications /
Mobile firmware & hardware
WCD9375
Mobile applications /
Mobile firmware & hardware
WCD9380
Mobile applications /
Mobile firmware & hardware
WCD9385
Mobile applications /
Mobile firmware & hardware
WCN3950
Mobile applications /
Mobile firmware & hardware
WCN3980
Mobile applications /
Mobile firmware & hardware
WCN3988
Mobile applications /
Mobile firmware & hardware
WCN3991
Mobile applications /
Mobile firmware & hardware
WCN3998
Mobile applications /
Mobile firmware & hardware
WCN6740
Mobile applications /
Mobile firmware & hardware
WCN6750
Mobile applications /
Mobile firmware & hardware
WCN6850
Mobile applications /
Mobile firmware & hardware
WCN6851
Mobile applications /
Mobile firmware & hardware
WCN6855
Mobile applications /
Mobile firmware & hardware
WCN6856
Mobile applications /
Mobile firmware & hardware
WSA8810
Mobile applications /
Mobile firmware & hardware
WSA8815
Mobile applications /
Mobile firmware & hardware
WSA8830
Mobile applications /
Mobile firmware & hardware
WSA8835
Mobile applications /
Mobile firmware & hardware
IPQ4019
Hardware solutions /
Firmware
IPQ8064
Hardware solutions /
Firmware
QCA6574AU
Hardware solutions /
Firmware
QCA9980
Hardware solutions /
Firmware
QCN6132
Hardware solutions /
Firmware
SA6155P
Hardware solutions /
Firmware
SD888
Hardware solutions /
Firmware
SDX55
Hardware solutions /
Firmware
Vendor: Qualcomm
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper validation of number of timer values received from firmware while syncing timers in the WLAN Host Communication component. A malicious application can trigger buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
AR8035: All versions
AR9380: All versions
CSR8811: All versions
CSRB31024: All versions
IPQ4018: All versions
IPQ4019: All versions
IPQ4028: All versions
IPQ4029: All versions
IPQ5010: All versions
IPQ5018: All versions
IPQ5028: All versions
IPQ6010: All versions
IPQ6018: All versions
IPQ6028: All versions
IPQ8064: All versions
IPQ8065: All versions
IPQ8068: All versions
IPQ8070: All versions
IPQ8070A: All versions
IPQ8071A: All versions
IPQ8072A: All versions
IPQ8074A: All versions
IPQ8076: All versions
IPQ8076A: All versions
IPQ8078: All versions
IPQ8078A: All versions
IPQ8173: All versions
IPQ8174: All versions
PMP8074: All versions
QCA4024: All versions
QCA6390: All versions
QCA6391: All versions
QCA6426: All versions
QCA6436: All versions
QCA6554A: All versions
QCA6564AU: All versions
QCA6574: All versions
QCA6574A: All versions
QCA6574AU: All versions
QCA6584AU: All versions
QCA6595: All versions
QCA6595AU: All versions
QCA6696: All versions
QCA7500: All versions
QCA8072: All versions
QCA8075: All versions
QCA8081: All versions
QCA8337: All versions
QCA9880: All versions
QCA9886: All versions
QCA9888: All versions
QCA9889: All versions
QCA9898: All versions
QCA9980: All versions
QCA9984: All versions
QCA9985: All versions
QCA9990: All versions
QCA9992: All versions
QCA9994: All versions
QCM6125: All versions
QCM6490: All versions
QCN5021: All versions
QCN5022: All versions
QCN5024: All versions
QCN5052: All versions
QCN5054: All versions
QCN5122: All versions
QCN5124: All versions
QCN5152: All versions
QCN5154: All versions
QCN5164: All versions
QCN6023: All versions
QCN6024: All versions
QCN6100: All versions
QCN6102: All versions
QCN6112: All versions
QCN6122: All versions
QCN6132: All versions
QCN9000: All versions
QCN9011: All versions
QCN9012: All versions
QCN9022: All versions
QCN9024: All versions
QCN9070: All versions
QCN9072: All versions
QCN9074: All versions
QCN9100: All versions
QCS6125: All versions
QCS6490: All versions
QRB5165: All versions
QRB5165M: All versions
QRB5165N: All versions
SA4150P: All versions
SA4155P: All versions
SA415M: All versions
SA515M: All versions
SA6145P: All versions
SA6150P: All versions
SA6155: All versions
SA6155P: All versions
SA8145P: All versions
SA8150P: All versions
SA8155: All versions
SA8155P: All versions
SA8195P: All versions
SD8Gen15G: All versions
SD460: All versions
SD480: All versions
SD662: All versions
SD765: All versions
SD765G: All versions
SD768G: All versions
SD778G: All versions
SD780G: All versions
SD8655G: All versions
SD870: All versions
SD888: All versions
SD8885G: All versions
SDX55: All versions
SDX55M: All versions
SDX65: All versions
SDXR25G: All versions
SM6225: All versions
SM6375: All versions
SM7250P: All versions
SM7315: All versions
SM7325P: All versions
SW5100: All versions
SW5100P: All versions
WCD9360: All versions
WCD9370: All versions
WCD9375: All versions
WCD9380: All versions
WCD9385: All versions
WCN3950: All versions
WCN3980: All versions
WCN3988: All versions
WCN3991: All versions
WCN3998: All versions
WCN6740: All versions
WCN6750: All versions
WCN6850: All versions
WCN6851: All versions
WCN6855: All versions
WCN6856: All versions
WSA8810: All versions
WSA8815: All versions
WSA8830: All versions
WSA8835: All versions
External links
http://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin
http://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=dce054909b432773df3d1c8c4230bad7f12a2b45
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.