Lucene search

[email protected]CVE-2022-40538

HistoryJun 06, 2023 - 8:15 a.m.

CVE-2022-40538

2023-06-0608:15:11

CWE-617

[email protected]

web.nvd.nist.gov

cve-2022-40538

transient dos

modem

assertion

incorrect values

sib

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network.

Affected configurations

NVD

Node

qualcommar8035Match-

AND

qualcommar8035_firmwareMatch-

Node

qualcommwcn685x-5Match-

AND

qualcommwcn685x-5_firmwareMatch-

Node

qualcommwcn685x-1Match-

AND

qualcommwcn685x-1_firmwareMatch-

Node

qualcommwcn785x-1Match-

AND

qualcommwcn785x-1_firmwareMatch-

Node

qualcommwcn785x-5Match-

AND

qualcommwcn785x-5_firmwareMatch-

Node

qualcommqca8081Match-

AND

qualcommqca8081_firmwareMatch-

Node

qualcommqca8337Match-

AND

qualcommqca8337_firmwareMatch-

Node

qualcommqcn6024_firmwareMatch-

AND

qualcommqcn6024Match-

Node

qualcommqcn9024_firmwareMatch-

AND

qualcommqcn9024Match-

Node

qualcommqcs8550_firmwareMatch-

AND

qualcommqcs8550Match-

Node

qualcommsnapdragon_x65_5g_modem-rf_system_firmwareMatch-

AND

qualcommsnapdragon_x65_5g_modem-rf_systemMatch-

Node

qualcommsnapdragon_x70_modem-rf_system_firmwareMatch-

AND

qualcommsnapdragon_x70_modem-rf_systemMatch-

Node

qualcommwcd9380_firmwareMatch-

AND

qualcommwcd9380Match-

CPENameOperatorVersion
qualcomm:ar8035_firmwarequalcomm ar8035 firmwareeq-

CPE	Name	Operator	Version
qualcomm:ar8035_firmware	qualcomm ar8035 firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Consumer IOT",
      "Snapdragon Mobile"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "AR8035"
      },
      {
        "status": "affected",
        "version": "FastConnect 6900"
      },
      {
        "status": "affected",
        "version": "FastConnect 7800"
      },
      {
        "status": "affected",
        "version": "QCA8081"
      },
      {
        "status": "affected",
        "version": "QCA8337"
      },
      {
        "status": "affected",
        "version": "QCN6024"
      },
      {
        "status": "affected",
        "version": "QCN9024"
      },
      {
        "status": "affected",
        "version": "QCS8550"
      },
      {
        "status": "affected",
        "version": "Snapdragon X65 5G Modem-RF System"
      },
      {
        "status": "affected",
        "version": "Snapdragon X70 Modem-RF System"
      },
      {
        "status": "affected",
        "version": "WCD9380"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

Related for CVE-2022-40538

vulnrichment1 nvd1 prion1 cvelist1