#VU69950 Buffer overflow in Qualcomm products - CVE-2022-25712
Published: December 6, 2022
Vulnerability identifier: #VU69950
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-25712
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AQT1000
QCA6310
QCA6335
QCA6390
QCA6391
QCA6420
QCA6426
QCA6430
QCA6436
QCC5100
QCS410
QCS610
Qualcomm215
SD865 5G
SD870
SDA429W
SDX55M
SDXR1
SDXR2 5G
SW5100
SW5100P
WCD9326
WCD9340
WCD9341
WCD9370
WCD9380
WCN3610
WCN3660B
WCN3680B
WCN3950
WCN3980
WCN3988
WCN3990
WCN3998
WCN6850
WCN6851
WSA8810
WSA8815
WSA8830
WSA8835
MDM9150
SD205
SD210
SD710
SD845
SD855
Software vendor:
Qualcomm
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Camera driver. A local application can trigger memory corruption and execute arbitrary code on the device.
Remediation
Install updates from the vendor's website.
External links
- https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2022-bulletin.html
- https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/c2a6be3561cf99587a4297aea72cf1c955c57713
- https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/e561ca2a21c48d2d452e114c5bf4867cd0599857