Reachable Assertion in Qualcomm Mobile applications

#VU69021 Reachable Assertion in Qualcomm Mobile applications

Published: 2022-11-07

Vulnerability identifier: #VU69021

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25671

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the modem component. A remote attacker can send specially crafted traffic to the device and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AR8035: All versions

QCA8081: All versions

QCA8337: All versions

QCN6024: All versions

QCN9024: All versions

SD 8 Gen1 5G: All versions

SDX65: All versions

WCD9380: All versions

WCN6855: All versions

WCN6856: All versions

WCN7850: All versions

WCN7851: All versions

WSA8830: All versions

WSA8835: All versions

External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/november-2022-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Google Android

Multiple vulnerabilities in Qualcomm chipsets