#VU69951 Reachable Assertion in Qualcomm products - CVE-2022-25672

Cybersecurity Help s.r.o.

Published: 2022-12-06

Vulnerability identifier: #VU69951

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-25672

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the Modem component when processing SIB1 with invalid Bandwidth. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AR8035: All versions

QCA8081: All versions

QCA8337: All versions

QCN6024: All versions

QCN9024: All versions

SD 8 Gen1 5G: All versions

SD480: All versions

SD695: All versions

SDX65: All versions

SM4375: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3988: All versions

WCN3998: All versions

WCN6855: All versions

WCN6856: All versions

WCN7850: All versions

WCN7851: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2022-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Google Android

Multiple vulnerabilities in Qualcomm chipsets