Lucene search

QualcommCVELIST:CVE-2022-33217

HistoryOct 17, 2022 - 12:00 a.m.

CVE-2022-33217

2022-10-1700:00:00

qualcomm

www.cve.org

memory corruption

qualcomm ipc

buffer copy

input size check

compromised kernel

snapdragon mobile

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile

CNA Affected

[
  {
    "vendor": "Qualcomm, Inc.",
    "product": "Snapdragon Mobile",
    "versions": [
      {
        "version": "SD 8 Gen1 5G, WCD9380, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8835",
        "status": "affected"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-33217