Vulnerability identifier: #VU64039
Vulnerability risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-617
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
AQT1000
Mobile applications /
Mobile firmware & hardware
QCA6390
Mobile applications /
Mobile firmware & hardware
QCA6391
Mobile applications /
Mobile firmware & hardware
QCA6420
Mobile applications /
Mobile firmware & hardware
QCA6421
Mobile applications /
Mobile firmware & hardware
QCA6426
Mobile applications /
Mobile firmware & hardware
QCA6430
Mobile applications /
Mobile firmware & hardware
QCA6431
Mobile applications /
Mobile firmware & hardware
QCA6436
Mobile applications /
Mobile firmware & hardware
SD 8CX
Mobile applications /
Mobile firmware & hardware
SD 8cx Gen2
Mobile applications /
Mobile firmware & hardware
SD865 5G
Mobile applications /
Mobile firmware & hardware
SD870
Mobile applications /
Mobile firmware & hardware
SD888 5G
Mobile applications /
Mobile firmware & hardware
SDX55M
Mobile applications /
Mobile firmware & hardware
SDXR2 5G
Mobile applications /
Mobile firmware & hardware
WCD9340
Mobile applications /
Mobile firmware & hardware
WCD9341
Mobile applications /
Mobile firmware & hardware
WCD9380
Mobile applications /
Mobile firmware & hardware
WCN3998
Mobile applications /
Mobile firmware & hardware
WSA8810
Mobile applications /
Mobile firmware & hardware
WSA8815
Mobile applications /
Mobile firmware & hardware
SA8540P
Hardware solutions /
Firmware
SA9000P
Hardware solutions /
Firmware
Vendor: Qualcomm
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of writes to virtual GICR control in Kernel. A local attacker can cause assertion failure in the hypervisor and perform a denial of service attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
AQT1000: All versions
QCA6390: All versions
QCA6391: All versions
QCA6420: All versions
QCA6421: All versions
QCA6426: All versions
QCA6430: All versions
QCA6431: All versions
QCA6436: All versions
SA8540P: All versions
SA9000P: All versions
SD 8CX: All versions
SD 8cx Gen2: All versions
SD865 5G: All versions
SD870: All versions
SD888 5G: All versions
SDX55M: All versions
SDXR2 5G: All versions
WCD9340: All versions
WCD9341: All versions
WCD9380: All versions
WCN3998: All versions
WSA8810: All versions
WSA8815: All versions
External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/june-2022-bulletin.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.