#VU71024 NULL Pointer Dereference in Qualcomm Mobile applications


Published: 2023-01-10

Vulnerability identifier: #VU71024

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33299

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
APQ8017
Hardware solutions / Firmware
APQ8096AU
Hardware solutions / Firmware
MDM9150
Hardware solutions / Firmware
MDM9206
Hardware solutions / Firmware
MDM9607
Hardware solutions / Firmware
MDM9640
Hardware solutions / Firmware
MDM9650
Hardware solutions / Firmware
MSM8996AU
Hardware solutions / Firmware
QCA6174A
Hardware solutions / Firmware
QCA6574AU
Hardware solutions / Firmware
QCA9377
Hardware solutions / Firmware
QCS405
Hardware solutions / Firmware
SDX20
Hardware solutions / Firmware
SDX55
Hardware solutions / Firmware
AR8031
Mobile applications / Mobile firmware & hardware
CSRA6620
Mobile applications / Mobile firmware & hardware
CSRA6640
Mobile applications / Mobile firmware & hardware
CSRB31024
Mobile applications / Mobile firmware & hardware
MDM9250
Mobile applications / Mobile firmware & hardware
MDM9628
Mobile applications / Mobile firmware & hardware
QCA6175A
Mobile applications / Mobile firmware & hardware
QCA6564A
Mobile applications / Mobile firmware & hardware
QCA6564AU
Mobile applications / Mobile firmware & hardware
QCA6574
Mobile applications / Mobile firmware & hardware
QCA6574A
Mobile applications / Mobile firmware & hardware
QCA6584
Mobile applications / Mobile firmware & hardware
QCA6584AU
Mobile applications / Mobile firmware & hardware
QCA6595
Mobile applications / Mobile firmware & hardware
QCA6595AU
Mobile applications / Mobile firmware & hardware
QCA6696
Mobile applications / Mobile firmware & hardware
QCA9367
Mobile applications / Mobile firmware & hardware
QCN9074
Mobile applications / Mobile firmware & hardware
SA415M
Mobile applications / Mobile firmware & hardware
SA515M
Mobile applications / Mobile firmware & hardware
SD626
Mobile applications / Mobile firmware & hardware
SDX20M
Mobile applications / Mobile firmware & hardware
WCD9326
Mobile applications / Mobile firmware & hardware
WCD9335
Mobile applications / Mobile firmware & hardware
WCD9360
Mobile applications / Mobile firmware & hardware
WCN3660B
Mobile applications / Mobile firmware & hardware
WCN3680B
Mobile applications / Mobile firmware & hardware
WCN3980
Mobile applications / Mobile firmware & hardware
WCN3998
Mobile applications / Mobile firmware & hardware
WSA8815
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Bluetooth HOST. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

APQ8017: All versions

APQ8096AU: All versions

AR8031: All versions

CSRA6620: All versions

CSRA6640: All versions

CSRB31024: All versions

MDM9150: All versions

MDM9206: All versions

MDM9250: All versions

MDM9607: All versions

MDM9628: All versions

MDM9640: All versions

MDM9650: All versions

MSM8996AU: All versions

QCA6174A: All versions

QCA6175A: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584: All versions

QCA6584AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA9367: All versions

QCA9377: All versions

QCN9074: All versions

QCS405: All versions

SA415M: All versions

SA515M: All versions

SD626: All versions

SDX20: All versions

SDX20M: All versions

SDX55: All versions

WCD9326: All versions

WCD9335: All versions

WCD9360: All versions

WCN3660B: All versions

WCN3680B: All versions

WCN3980: All versions

WCN3998: All versions

WSA8815: All versions


External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability