#VU74310 Buffer over-read in Qualcomm products - CVE-2022-25726


Vulnerability identifier: #VU74310

Vulnerability risk: High

CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-25726

CWE-ID: CWE-126

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
9205 LTE Modem
Mobile applications / Mobile firmware & hardware
9206 LTE Modem
Mobile applications / Mobile firmware & hardware
9207 LTE Modem
Mobile applications / Mobile firmware & hardware
FastConnect 6900
Mobile applications / Mobile firmware & hardware
FastConnect 7800
Mobile applications / Mobile firmware & hardware
MDM8207
Mobile applications / Mobile firmware & hardware
QCA4004
Mobile applications / Mobile firmware & hardware
QTS110
Mobile applications / Mobile firmware & hardware
Snapdragon 1100 Wearable Platform
Mobile applications / Mobile firmware & hardware
Snapdragon 1200 Wearable Platform
Mobile applications / Mobile firmware & hardware
Snapdragon AR2 Gen 1 Platform
Mobile applications / Mobile firmware & hardware
Snapdragon Wear 1300 Platform
Mobile applications / Mobile firmware & hardware
Snapdragon X5 LTE Modem
Mobile applications / Mobile firmware & hardware
SSG2115P
Mobile applications / Mobile firmware & hardware
SSG2125P
Mobile applications / Mobile firmware & hardware
SXR1230P
Mobile applications / Mobile firmware & hardware
SXR2230P
Mobile applications / Mobile firmware & hardware
WCD9306
Mobile applications / Mobile firmware & hardware
WCD9330
Mobile applications / Mobile firmware & hardware
WCD9380
Mobile applications / Mobile firmware & hardware
WCD9385
Mobile applications / Mobile firmware & hardware
WSA8830
Mobile applications / Mobile firmware & hardware
WSA8835
Mobile applications / Mobile firmware & hardware
WSA8832
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in MODEM. A remote attacker can read and manipulate data.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

9205 LTE Modem: All versions

9206 LTE Modem: All versions

9207 LTE Modem: All versions

FastConnect 6900: All versions

FastConnect 7800: All versions

MDM8207: All versions

QCA4004: All versions

QTS110: All versions

Snapdragon 1100 Wearable Platform: All versions

Snapdragon 1200 Wearable Platform: All versions

Snapdragon AR2 Gen 1 Platform: All versions

Snapdragon Wear 1300 Platform: All versions

Snapdragon X5 LTE Modem: All versions

SSG2115P: All versions

SSG2125P: All versions

SXR1230P: All versions

SXR2230P: All versions

WCD9306: All versions

WCD9330: All versions

WCD9380: All versions

WCD9385: All versions

WSA8830: All versions

WSA8832: All versions

WSA8835: All versions

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2023-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Qualcomm chipsets