Lucene search

[email protected]CVE-2022-33292

HistoryMay 02, 2023 - 6:15 a.m.

CVE-2022-33292

2023-05-0206:15:09

CWE-416

[email protected]

web.nvd.nist.gov

cve-2022-33292

memory corruption

qualcomm ipc

use after free

security vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.

Affected configurations

NVD

Node

qualcommsg4150p_firmwareMatch-

AND

qualcommsg4150pMatch-

Node

qualcommsm6225_firmwareMatch-

AND

qualcommsm6225Match-

Node

qualcommsm6225-ad_firmwareMatch-

AND

qualcommsm6225-adMatch-

Node

qualcommwcd9370_firmwareMatch-

AND

qualcommwcd9370Match-

Node

qualcommwcd9375_firmwareMatch-

AND

qualcommwcd9375Match-

Node

qualcommwcn3950_firmwareMatch-

AND

qualcommwcn3950Match-

Node

qualcommwcn3988_firmwareMatch-

AND

qualcommwcn3988Match-

Node

qualcommwsa8810_firmwareMatch-

AND

qualcommwsa8810Match-

CPENameOperatorVersion
qualcomm:sg4150p_firmwarequalcomm sg4150p firmwareeq-

CPE	Name	Operator	Version
qualcomm:sg4150p_firmware	qualcomm sg4150p firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Compute",
      "Snapdragon Mobile"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "SG4150P"
      },
      {
        "status": "affected",
        "version": "Snapdragon 680 4G Mobile Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
      },
      {
        "status": "affected",
        "version": "WCD9370"
      },
      {
        "status": "affected",
        "version": "WCD9375"
      },
      {
        "status": "affected",
        "version": "WCN3950"
      },
      {
        "status": "affected",
        "version": "WCN3988"
      },
      {
        "status": "affected",
        "version": "WSA8810"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-33292

prion1 cvelist1 nvd1