CVE-2022-33268

CVE Database · CVE-2022-33268

CVE-2022-33268

· HIGHModified

CVSS v3.1

8.2

EPSS

0.45%

Published

Dec 13, 2022

Modified

Apr 22, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weaknesses (CWE)

CWE-125CWE-125

Affected Products (190)

qualcomm · apq8009_firmwarevulnerable

qualcomm · apq8009

qualcomm · apq8017_firmwarevulnerable

qualcomm · apq8017

qualcomm · ar8031_firmwarevulnerable

qualcomm · ar8031

qualcomm · csra6620_firmwarevulnerable

qualcomm · csra6620

qualcomm · csra6640_firmwarevulnerable

qualcomm · csra6640

qualcomm · mdm9206_firmwarevulnerable

· mdm9206

References (2)

https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin

PatchVendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs