#VU67822 Information disclosure in Qualcomm products - CVE-2022-25664

Vulnerability identifier: #VU67822

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-25664

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
APQ8009
APQ8053
APQ8096AU
MDM9150
MDM9650
MSM8953
MSM8996AU
QCA6174A
QCA6574AU
QCS605
QCS8155
SA6155P
SD205
SD210
SD835
SD845
SD855
SDM429W
SDX55
APQ8052
APQ8056
APQ8076
AQT1000
MSM8108
MSM8208
MSM8209
MSM8608
MSM8952
MSM8956
MSM8976
MSM8976SG
QAM8295P
QCA6310
QCA6320
QCA6335
QCA6390
QCA6391
QCA6420
QCA6421
QCA6426
QCA6430
QCA6431
QCA6436
QCA6564
QCA6564A
QCA6564AU
QCA6574
QCA6574A
QCA6595AU
QCA6696
QCA8337
QCC5100
QCM6125
QCS410
QCS610
QCS6125
QSM8250
Qualcomm215
SA6145P
SA6150P
SA6155
SA8145P
SA8150P
SA8155
SA8155P
SA8195P
SA8295P
SD 8 Gen1 5G
SD429
SD660
SD820
SD821
SD865 5G
SD870
SD888 5G
SDA429W
SDX50M
SDX55M
SDXR1
SDXR2 5G
SW5100
SW5100P
WCD9326
WCD9335
WCD9340
WCD9341
WCD9370
WCD9380
WCD9385
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3680B
WCN3950
WCN3980
WCN3988
WCN3990
WCN3998
WCN6850
WCN6851
WCN6855
WCN6856
WCN7850
WCN7851
WSA8810
WSA8815
WSA8830
WSA8835

Software vendor:
Qualcomm

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to an error within the Graphics component while GPU reads the data. A local application can gain access to sensitive information.

Install updates from vendor's website.

• https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2022-bulletin.html
• https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/40bce4fceb2ed31e4ab175665fc9e98b21157d9c