#VU67092 Buffer overflow in Qualcomm products - CVE-2022-25654
Published: September 8, 2022
Vulnerability identifier: #VU67092
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-25654
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8096AU
MDM9650
QCA6174A
QCA6574AU
QCS605
SDM429W
QCS603
Qualcomm215
SD429
SD820
WCD9326
WCD9335
WCD9341
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3980
WCN3990
WSA8810
WSA8815
Software vendor:
Qualcomm
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing ION commands within the kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Remediation
Install updates from the vendor's website.