#VU71028 Buffer over-read in Qualcomm products - CVE-2022-22079
Published: January 10, 2023
Vulnerability identifier: #VU71028
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22079
CWE-ID: CWE-126
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
APQ8096AU
MDM9150
MDM9650
MSM8909W
MSM8996AU
QCA6174A
QCA6574AU
QCA9377
QCA9379
SD210
SD625
SD835
SDM429W
SDX20
APQ8009W
APQ8064AU
MDM9250
MDM9628
MSM8108
MSM8208
MSM8209
MSM8608
QCA4020
QCA6564A
QCA6564AU
QCA6574
QCA6574A
QCA6584AU
Qualcomm215
SD429
SD626
SDA429W
SDW2500
SDX20M
WCD9326
WCD9335
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3680B
WCN3980
WCN3990
WSA8815
APQ8009
APQ8096AU
MDM9150
MDM9650
MSM8909W
MSM8996AU
QCA6174A
QCA6574AU
QCA9377
QCA9379
SD210
SD625
SD835
SDM429W
SDX20
APQ8009W
APQ8064AU
MDM9250
MDM9628
MSM8108
MSM8208
MSM8209
MSM8608
QCA4020
QCA6564A
QCA6564AU
QCA6574
QCA6574A
QCA6584AU
Qualcomm215
SD429
SD626
SDA429W
SDW2500
SDX20M
WCD9326
WCD9335
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3680B
WCN3980
WCN3990
WSA8815
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in BOOT. A local attacker can perform a denial of service (DoS) attack.
Remediation
Install security update from vendor's website.