Vulnerability identifier: #VU61075
Vulnerability risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
APQ8096AU
Hardware solutions /
Firmware
MSM8996AU
Hardware solutions /
Firmware
QCA6574AU
Hardware solutions /
Firmware
SA6155P
Hardware solutions /
Firmware
SA8540P
Hardware solutions /
Firmware
SA9000P
Hardware solutions /
Firmware
SDX55
Hardware solutions /
Firmware
AR6003
Mobile applications /
Mobile firmware & hardware
MDM8215
Mobile applications /
Mobile firmware & hardware
MDM8215M
Mobile applications /
Mobile firmware & hardware
MDM8615M
Mobile applications /
Mobile firmware & hardware
MDM9215
Mobile applications /
Mobile firmware & hardware
MDM9310
Mobile applications /
Mobile firmware & hardware
MDM9615
Mobile applications /
Mobile firmware & hardware
MDM9615M
Mobile applications /
Mobile firmware & hardware
QCA6564A
Mobile applications /
Mobile firmware & hardware
QCA6564AU
Mobile applications /
Mobile firmware & hardware
QCA6574A
Mobile applications /
Mobile firmware & hardware
QCA6584AU
Mobile applications /
Mobile firmware & hardware
QCA6696
Mobile applications /
Mobile firmware & hardware
SA6145P
Mobile applications /
Mobile firmware & hardware
SA6150P
Mobile applications /
Mobile firmware & hardware
SA8145P
Mobile applications /
Mobile firmware & hardware
SA8150P
Mobile applications /
Mobile firmware & hardware
SA8155P
Mobile applications /
Mobile firmware & hardware
SA8195P
Mobile applications /
Mobile firmware & hardware
SDX55M
Mobile applications /
Mobile firmware & hardware
WCD9341
Mobile applications /
Mobile firmware & hardware
Vendor: Qualcomm
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Automotive Multimedia when handling multiple session supported by PVM backend. A remote attacker can pass specially crafted data to the system and execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
APQ8096AU: All versions
AR6003: All versions
MDM8215: All versions
MDM8215M: All versions
MDM8615M: All versions
MDM9215: All versions
MDM9310: All versions
MDM9615: All versions
MDM9615M: All versions
MSM8996AU: All versions
QCA6564A: All versions
QCA6564AU: All versions
QCA6574A: All versions
QCA6574AU: All versions
QCA6584AU: All versions
QCA6696: All versions
SA6145P: All versions
SA6150P: All versions
SA6155P: All versions
SA8145P: All versions
SA8150P: All versions
SA8155P: All versions
SA8195P: All versions
SA8540P: All versions
SA9000P: All versions
SDX55: All versions
SDX55M: All versions
WCD9341: All versions
External links
http://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.