CVE-2022-40524

CVE Database · CVE-2022-40524

CVE-2022-40524

· MEDIUMModified

CVSS v3.1

6.7

EPSS

0.11%

Published

Sep 5, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Memory corruption due to buffer over-read in Modem while processing SetNativeHandle RTP service.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-126CWE-125

Affected Products (76)

qualcomm · aqt1000_firmwarevulnerable

qualcomm · aqt1000

qualcomm · qca6390_firmwarevulnerable

qualcomm · qca6390

qualcomm · qca6391_firmwarevulnerable

qualcomm · qca6391

qualcomm · qca6420_firmwarevulnerable

qualcomm · qca6420

qualcomm · qca6426_firmwarevulnerable

qualcomm · qca6426

qualcomm · qca6430_firmwarevulnerable

· qca6430

References (2)

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs

qualcomm · qca6436_firmwarevulnerable

qualcomm · qca6574au_firmwarevulnerable

qualcomm · qca6574au

qualcomm · qca6595au_firmwarevulnerable

qualcomm · qca6595au

qualcomm · qca6696_firmwarevulnerable

qualcomm · qcc5100_firmwarevulnerable

qualcomm · sa6145p_firmwarevulnerable

qualcomm · sa6150p_firmwarevulnerable

qualcomm · sa6155p_firmwarevulnerable

qualcomm · sa8145p_firmwarevulnerable

qualcomm · sa8150p_firmwarevulnerable

qualcomm · sa8155p_firmwarevulnerable

qualcomm · sa8195p_firmwarevulnerable

qualcomm · sd855_firmwarevulnerable

qualcomm · sd865_5g_firmwarevulnerable

qualcomm · sd865_5g

qualcomm · sd870_firmwarevulnerable

qualcomm · sdx55m_firmwarevulnerable

qualcomm · sdxr2_5g_firmwarevulnerable

qualcomm · sdxr2_5g

qualcomm · sw5100_firmwarevulnerable

qualcomm · sw5100p_firmwarevulnerable