CVE-2022-22061

CVE Database · CVE-2022-22061

CVE-2022-22061

· HIGHModified

CVSS v3.1

7.8

EPSS

0.12%

Published

Sep 2, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products (66)

qualcomm · ar8035_firmwarevulnerable

qualcomm · ar8035

qualcomm · qca6390_firmwarevulnerable

qualcomm · qca6390

qualcomm · qca6391_firmwarevulnerable

qualcomm · qca6391

qualcomm · qca6421_firmwarevulnerable

qualcomm · qca6421

qualcomm · qca6426_firmwarevulnerable

qualcomm · qca6426

qualcomm · qca6431_firmwarevulnerable

· qca6431

References (2)

https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs