#VU67821 Out-of-bounds read in Qualcomm products - CVE-2022-25663
Published: October 3, 2022
Vulnerability identifier: #VU67821
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-25663
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AQT1000
QCA1062
QCA1064
QCA2062
QCA2064
QCA2065
QCA2066
QCA6390
QCA6391
QCA6420
QCA6430
SD 8cx Gen2
SD 8cx Gen3
SD778G
SD7c
SM6250
WCD9340
WCD9341
WCD9380
WCD9385
WCN3990
WCN3991
WCN3998
WCN6750
WCN6855
WCN6856
WSA8810
WSA8815
WSA8830
WSA8835
SD850
AQT1000
QCA1062
QCA1064
QCA2062
QCA2064
QCA2065
QCA2066
QCA6390
QCA6391
QCA6420
QCA6430
SD 8cx Gen2
SD 8cx Gen3
SD778G
SD7c
SM6250
WCD9340
WCD9341
WCD9380
WCD9385
WCN3990
WCN3991
WCN3998
WCN6750
WCN6855
WCN6856
WSA8810
WSA8815
WSA8830
WSA8835
SD850
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the WLAN Windows Host component. A local application can trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.