#VU67830 Use of Out-of-range Pointer Offset in Qualcomm products - CVE-2022-33210
Published: October 3, 2022
Vulnerability identifier: #VU67830
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-33210
CWE-ID: CWE-823
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8064AU
QAM8295P
QCA6564A
QCA6564AU
QCA6574A
QCA6584AU
QCA6595AU
QCA6696
SA6145P
SA6150P
SA6155
SA8145P
SA8150P
SA8155
SA8155P
SA8195P
SA8295P
APQ8096AU
MSM8996AU
QCA6574AU
SA6155P
SA8540P
SA9000P
APQ8064AU
QAM8295P
QCA6564A
QCA6564AU
QCA6574A
QCA6584AU
QCA6595AU
QCA6696
SA6145P
SA6150P
SA6155
SA8145P
SA8150P
SA8155
SA8155P
SA8195P
SA8295P
APQ8096AU
MSM8996AU
QCA6574AU
SA6155P
SA8540P
SA9000P
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Automotive Multimedia when processing command request packets with a very large type value. A local application can trigger a boundary error and execute arbitrary code with elevated privileges.
Remediation
Install updates from vendor's website.