Lucene search

QualcommCVELIST:CVE-2022-40525

HistoryJun 06, 2023 - 7:38 a.m.

CVE-2022-40525 Information Exposure in Linux Networking Firmware

2023-06-0607:38:59

CWE-200

qualcomm

www.cve.org

linux networking firmware

information exposure

side channel analysis

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Wired Infrastructure and Networking"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "CSR8811"
      },
      {
        "status": "affected",
        "version": "IPQ6000"
      },
      {
        "status": "affected",
        "version": "IPQ6005"
      },
      {
        "status": "affected",
        "version": "IPQ6010"
      },
      {
        "status": "affected",
        "version": "IPQ6018"
      },
      {
        "status": "affected",
        "version": "IPQ6028"
      },
      {
        "status": "affected",
        "version": "IPQ9008"
      },
      {
        "status": "affected",
        "version": "IPQ9574"
      },
      {
        "status": "affected",
        "version": "QCA4024"
      },
      {
        "status": "affected",
        "version": "QCA8072"
      },
      {
        "status": "affected",
        "version": "QCA8075"
      },
      {
        "status": "affected",
        "version": "QCA8081"
      },
      {
        "status": "affected",
        "version": "QCA8082"
      },
      {
        "status": "affected",
        "version": "QCA8084"
      },
      {
        "status": "affected",
        "version": "QCA8085"
      },
      {
        "status": "affected",
        "version": "QCA8386"
      },
      {
        "status": "affected",
        "version": "QCN5021"
      },
      {
        "status": "affected",
        "version": "QCN5022"
      },
      {
        "status": "affected",
        "version": "QCN5052"
      },
      {
        "status": "affected",
        "version": "QCN5121"
      },
      {
        "status": "affected",
        "version": "QCN5122"
      },
      {
        "status": "affected",
        "version": "QCN5152"
      },
      {
        "status": "affected",
        "version": "QCN6023"
      },
      {
        "status": "affected",
        "version": "QCN6024"
      },
      {
        "status": "affected",
        "version": "QCN9000"
      },
      {
        "status": "affected",
        "version": "QCN9022"
      },
      {
        "status": "affected",
        "version": "QCN9024"
      },
      {
        "status": "affected",
        "version": "QCN9070"
      },
      {
        "status": "affected",
        "version": "QCN9072"
      },
      {
        "status": "affected",
        "version": "QCN9074"
      },
      {
        "status": "affected",
        "version": "QCN9274"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2022-40525