CVE-2022-25677

CVE Database · CVE-2022-25677

CVE-2022-25677

· MEDIUMModified

CVSS v3.1

6.7

EPSS

0.12%

Published

Dec 13, 2022

Modified

Apr 22, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (286)

qualcomm · apq8096au_firmwarevulnerable

qualcomm · apq8096au

qualcomm · aqt1000_firmwarevulnerable

qualcomm · aqt1000

qualcomm · ar9380_firmwarevulnerable

qualcomm · ar9380

qualcomm · csr8811_firmwarevulnerable

qualcomm · csr8811

qualcomm · ipq4018_firmwarevulnerable

qualcomm · ipq4018

qualcomm · ipq4019_firmwarevulnerable

· ipq4019

References (2)

https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin

PatchVendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs