#VU67073 Integer overflow in Qualcomm products - CVE-2022-22081
Published: September 8, 2022
Vulnerability identifier: #VU67073
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-22081
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AR8035
QCA6595AU
QCA8081
QCA8337
SA8155P
SA8195P
SD 8 Gen1 5G
SD888 5G
SDX65
SW5100
SW5100P
WCD9370
WCD9375
WCD9380
WCD9385
WCN3980
WCN3988
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WCN7851
WSA8830
WSA8835
SA6155P
SM7450
SM8475
SM8475P
WSA8832
AR8035
QCA6595AU
QCA8081
QCA8337
SA8155P
SA8195P
SD 8 Gen1 5G
SD888 5G
SDX65
SW5100
SW5100P
WCD9370
WCD9375
WCD9380
WCD9385
WCN3980
WCN3988
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WCN7851
WSA8830
WSA8835
SA6155P
SM7450
SM8475
SM8475P
WSA8832
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the audio module. A remote attacker can trick the victim to play a specially crafted media file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.