Vulnerability identifier: #VU61832
Vulnerability risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
APQ8097
Mobile applications /
Mobile firmware & hardware
IPQ6000
Mobile applications /
Mobile firmware & hardware
IPQ6005
Mobile applications /
Mobile firmware & hardware
IPQ6010
Mobile applications /
Mobile firmware & hardware
IPQ6018
Mobile applications /
Mobile firmware & hardware
IPQ6028
Mobile applications /
Mobile firmware & hardware
MDM9205
Mobile applications /
Mobile firmware & hardware
MSM8997
Mobile applications /
Mobile firmware & hardware
QCA6595
Mobile applications /
Mobile firmware & hardware
QCA6595AU
Mobile applications /
Mobile firmware & hardware
QCN7605W
Mobile applications /
Mobile firmware & hardware
QCN7606
Mobile applications /
Mobile firmware & hardware
QCN7606W
Mobile applications /
Mobile firmware & hardware
QCS401
Mobile applications /
Mobile firmware & hardware
QCS402
Mobile applications /
Mobile firmware & hardware
QCS403
Mobile applications /
Mobile firmware & hardware
QCS404
Mobile applications /
Mobile firmware & hardware
QCS407
Mobile applications /
Mobile firmware & hardware
SA2145P
Mobile applications /
Mobile firmware & hardware
SA2150P
Mobile applications /
Mobile firmware & hardware
SA4150P
Mobile applications /
Mobile firmware & hardware
SA4155P
Mobile applications /
Mobile firmware & hardware
SA415M
Mobile applications /
Mobile firmware & hardware
SA4250P
Mobile applications /
Mobile firmware & hardware
SA515M
Mobile applications /
Mobile firmware & hardware
SA6115
Mobile applications /
Mobile firmware & hardware
SA6115P
Mobile applications /
Mobile firmware & hardware
SA6125
Mobile applications /
Mobile firmware & hardware
SA6125P
Mobile applications /
Mobile firmware & hardware
SA6145
Mobile applications /
Mobile firmware & hardware
SA6145P
Mobile applications /
Mobile firmware & hardware
SA615x
Mobile applications /
Mobile firmware & hardware
SA615xP
Mobile applications /
Mobile firmware & hardware
SA8150P
Mobile applications /
Mobile firmware & hardware
SA8155
Mobile applications /
Mobile firmware & hardware
SA8155P
Mobile applications /
Mobile firmware & hardware
SA8195P
Mobile applications /
Mobile firmware & hardware
SC7180
Mobile applications /
Mobile firmware & hardware
SC7180P
Mobile applications /
Mobile firmware & hardware
SC8180XP
Mobile applications /
Mobile firmware & hardware
SDA658
Mobile applications /
Mobile firmware & hardware
SDA670
Mobile applications /
Mobile firmware & hardware
SDA830
Mobile applications /
Mobile firmware & hardware
SDM640
Mobile applications /
Mobile firmware & hardware
SDM658
Mobile applications /
Mobile firmware & hardware
SDM712
Mobile applications /
Mobile firmware & hardware
SDM830
Mobile applications /
Mobile firmware & hardware
SDM850
Mobile applications /
Mobile firmware & hardware
SDPX55M
Mobile applications /
Mobile firmware & hardware
SDX24M
Mobile applications /
Mobile firmware & hardware
SM4250
Mobile applications /
Mobile firmware & hardware
SM6125
Mobile applications /
Mobile firmware & hardware
SM6150P
Mobile applications /
Mobile firmware & hardware
SM6250
Mobile applications /
Mobile firmware & hardware
SM6250P
Mobile applications /
Mobile firmware & hardware
SM7125
Mobile applications /
Mobile firmware & hardware
SM7150P
Mobile applications /
Mobile firmware & hardware
SM7250
Mobile applications /
Mobile firmware & hardware
SM7250P
Mobile applications /
Mobile firmware & hardware
SM8150P
Mobile applications /
Mobile firmware & hardware
SXR2130P
Mobile applications /
Mobile firmware & hardware
APQ8098
Hardware solutions /
Firmware
MSM8998
Hardware solutions /
Firmware
QCN7605
Hardware solutions /
Firmware
QCS405
Hardware solutions /
Firmware
SC8180X
Hardware solutions /
Firmware
SDA660
Hardware solutions /
Firmware
SDA845
Hardware solutions /
Firmware
SDM660
Hardware solutions /
Firmware
SDM670
Hardware solutions /
Firmware
SDM710
Hardware solutions /
Firmware
SDM845
Hardware solutions /
Firmware
SDX24
Hardware solutions /
Firmware
SDX55
Hardware solutions /
Firmware
SM6150
Hardware solutions /
Firmware
SM7150
Hardware solutions /
Firmware
SM8150
Hardware solutions /
Firmware
SM8250
Hardware solutions /
Firmware
SXR2130
Hardware solutions /
Firmware
Vendor: Qualcomm
Description
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the EDL Sahara protocol implementation. An attacker with physical access to device can trigger memory corruption and execute arbitrary code on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
APQ8097: All versions
APQ8098: All versions
IPQ6000: All versions
IPQ6005: All versions
IPQ6010: All versions
IPQ6018: All versions
IPQ6028: All versions
MDM9205: All versions
MSM8997: All versions
MSM8998: All versions
QCA6595: All versions
QCA6595AU: All versions
QCN7605: All versions
QCN7605W: All versions
QCN7606: All versions
QCN7606W: All versions
QCS401: All versions
QCS402: All versions
QCS403: All versions
QCS404: All versions
QCS405: All versions
QCS407: All versions
SA2145P: All versions
SA2150P: All versions
SA4150P: All versions
SA4155P: All versions
SA415M: All versions
SA4250P: All versions
SA515M: All versions
SA6115: All versions
SA6115P: All versions
SA6125: All versions
SA6125P: All versions
SA6145: All versions
SA6145P: All versions
SA615x: All versions
SA615xP: All versions
SA8150P: All versions
SA8155: All versions
SA8155P: All versions
SA8195P: All versions
SC7180: All versions
SC7180P: All versions
SC8180X: All versions
SC8180XP: All versions
SDA658: All versions
SDA660: All versions
SDA670: All versions
SDA830: All versions
SDA845: All versions
SDM640: All versions
SDM658: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM712: All versions
SDM830: All versions
SDM845: All versions
SDM850: All versions
SDPX55M: All versions
SDX24: All versions
SDX24M: All versions
SDX55: All versions
SM4250: All versions
SM6125: All versions
SM6150: All versions
SM6150P: All versions
SM6250: All versions
SM6250P: All versions
SM7125: All versions
SM7150: All versions
SM7150P: All versions
SM7250: All versions
SM7250P: All versions
SM8150: All versions
SM8150P: All versions
SM8250: All versions
SXR2130: All versions
SXR2130P: All versions
External links
http://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.