#VU67827 Out-of-bounds read in Qualcomm products - CVE-2022-25719

Vulnerability identifier: #VU67827

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-25719

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
APQ8009
APQ8017
APQ8053
MSM8909W
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
QCA6174A
QCA9377
QCA9379
QCN6132
QCS405
SD205
SD210
SD450
SDM429W
APQ8009W
APQ8016
APQ8037
APQ8052
APQ8056
APQ8076
APQ8084
AR8031
CSR8811
CSRA6620
CSRA6640
IPQ5010
IPQ5018
IPQ5028
IPQ6000
IPQ6010
IPQ6018
IPQ6028
IPQ8070A
IPQ8071A
IPQ8072A
IPQ8074A
IPQ8076
IPQ8076A
IPQ8078
IPQ8078A
IPQ8173
IPQ8174
MDM9205
MDM9225
MDM9225M
MDM9230
MDM9235M
MDM9330
MDM9625
MDM9625M
MDM9630
MDM9635M
MSM8108
MSM8208
MSM8209
MSM8608
MSM8952
MSM8956
MSM8976
MSM8976SG
PM8937
QCA1990
QCA4004
QCA4010
QCA4020
QCA4024
QCA6164
QCA6174
QCA8075
QCA8081
QCA9888
QCA9889
QCN5022
QCN5024
QCN5052
QCN5122
QCN5124
QCN5152
QCN5154
QCN5164
QCN6023
QCN6024
QCN6122
QCN9000
QCN9022
QCN9024
QCN9070
QCN9072
QCN9074
QCN9100
QET4101
QSW8573
Qualcomm215
SD429
SD439
SD632
SDA429W
SDW2500
WCD9306
WCD9326
WCD9335
WCD9340
WCN3610
WCN3615
WCN3620
WCN3660
WCN3660B
WCN3680
WCN3680B
WCN3980
WCN3998
WCN3999
WSA8810
WSA8815

Software vendor:
Qualcomm

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the WLAN component while processing authentication handshake. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

Install updates from vendor's website.

• https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2022-bulletin.html