Lucene search

QualcommCVELIST:CVE-2022-33225

HistoryFeb 09, 2023 - 6:58 a.m.

CVE-2022-33225 Use after free in Trusted Application Environment

2023-02-0906:58:28

CWE-416

qualcomm

www.cve.org

memory corruption

trusted application environment

cve-2022-33225

use after free

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.2%

JSON

Memory corruption due to use after free in trusted application environment.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Auto",
      "Snapdragon Compute",
      "Snapdragon Mobile",
      "Snapdragon Wearables"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8096AU"
      },
      {
        "status": "affected",
        "version": "MDM9628"
      },
      {
        "status": "affected",
        "version": "MSM8996AU"
      },
      {
        "status": "affected",
        "version": "QCA6390"
      },
      {
        "status": "affected",
        "version": "QCA6391"
      },
      {
        "status": "affected",
        "version": "QCA6426"
      },
      {
        "status": "affected",
        "version": "QCA6436"
      },
      {
        "status": "affected",
        "version": "QCA6564A"
      },
      {
        "status": "affected",
        "version": "QCA6564AU"
      },
      {
        "status": "affected",
        "version": "QCA6574A"
      },
      {
        "status": "affected",
        "version": "QCA6574AU"
      },
      {
        "status": "affected",
        "version": "Qualcomm215"
      },
      {
        "status": "affected",
        "version": "SD205"
      },
      {
        "status": "affected",
        "version": "SD210"
      },
      {
        "status": "affected",
        "version": "SD429"
      },
      {
        "status": "affected",
        "version": "SD865 5G"
      },
      {
        "status": "affected",
        "version": "SD870"
      },
      {
        "status": "affected",
        "version": "SDM429W"
      },
      {
        "status": "affected",
        "version": "SDX55M"
      },
      {
        "status": "affected",
        "version": "SDXR2 5G"
      },
      {
        "status": "affected",
        "version": "WCD9340"
      },
      {
        "status": "affected",
        "version": "WCD9380"
      },
      {
        "status": "affected",
        "version": "WCN3610"
      },
      {
        "status": "affected",
        "version": "WCN3620"
      },
      {
        "status": "affected",
        "version": "WCN3660B"
      },
      {
        "status": "affected",
        "version": "WCN6850"
      },
      {
        "status": "affected",
        "version": "WCN6851"
      },
      {
        "status": "affected",
        "version": "WSA8810"
      },
      {
        "status": "affected",
        "version": "WSA8815"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.2%

JSON

Related for CVELIST:CVE-2022-33225