#VU74312 Incorrect Calculation of Buffer Size in Qualcomm products - CVE-2022-25731
Published: April 3, 2023
Vulnerability identifier: #VU74312
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-25731
CWE-ID: CWE-131
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
9205 LTE Modem
9206 LTE Modem
9207 LTE Modem
MDM8207
QCA4004
QCA4010
QTS110
Snapdragon 1100 Wearable Platform
Snapdragon 1200 Wearable Platform
Snapdragon Wear 1300 Platform
Snapdragon X5 LTE Modem
WCD9306
WCD9330
9205 LTE Modem
9206 LTE Modem
9207 LTE Modem
MDM8207
QCA4004
QCA4010
QTS110
Snapdragon 1100 Wearable Platform
Snapdragon 1200 Wearable Platform
Snapdragon Wear 1300 Platform
Snapdragon X5 LTE Modem
WCD9306
WCD9330
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation in MODEM. A remote attacker can gain access to sensitive information.
Remediation
Install security update from vendor's website.