#VU69952 Reachable Assertion in Qualcomm products - CVE-2022-25673

Cybersecurity Help s.r.o.

Published: 2022-12-06

Vulnerability identifier: #VU69952

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-25673

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the Modem component when processing configuration from network. A remote attacker can send specially crafted data to the device and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AR8035: All versions

QCA8081: All versions

QCA8337: All versions

QCN6024: All versions

QCN9024: All versions

SD 8 Gen1 5G: All versions

SDX65: All versions

WCD9380: All versions

WCN6855: All versions

WCN6856: All versions

WCN7850: All versions

WCN7851: All versions

WSA8830: All versions

WSA8835: All versions

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2022-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Google Android

Multiple vulnerabilities in Qualcomm chipsets