April 2023 Security Bulletin
Published: 04/03/2023
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2022-40503 | Wu Chen of OPPO Amber Security Lab |
| CVE-2022-33296 | Peter Park (peterpark) |
| CVE-2022-33297,CVE-2022-33298 | Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin. |
| CVE-2022-33301 | Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-25678 | Critical | Critical | Data Network Stack & Connectivity | Internal |
| CVE-2022-25740 | Critical | Critical | Data Network Stack & Connectivity | Internal |
| CVE-2022-25745 | Critical | Critical | Data Network Stack & Connectivity | Internal |
| CVE-2022-33211 | Critical | Critical | Data Network Stack & Connectivity | Internal |
| CVE-2022-33231 | Critical | Critical | QTEE | Internal |
| CVE-2022-33259 | Critical | Critical | Data Network Stack & Connectivity | Internal |
| CVE-2022-33288 | Critical | Critical | Storage | Internal |
| CVE-2022-33289 | Critical | Medium | User Identity Module | Internal |
| CVE-2022-33302 | Critical | Medium | User Identity Module | Internal |
| CVE-2022-25726 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25730 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25731 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25737 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25739 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25747 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33222 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33223 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33228 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33258 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33269 | High | Critical | Core | Internal |
| CVE-2022-33270 | High | High | Modem | Internal |
| CVE-2022-33282 | High | High | Multimedia | Internal |
| CVE-2022-33287 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33291 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33294 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33295 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-40532 | High | High | WLAN Firmware | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-33296 | Medium | Medium | Modem | 05/02/2022 |
| CVE-2022-33297 | Medium | Medium | Linux | 05/28/2022 |
| CVE-2022-33298 | Medium | Medium | Data Network Stack & Connectivity | 05/11/2022 |
CVE-2022-25678
| CVE ID | CVE-2022-25678 |
| Title | Buffer Copy Without Checking Size of Input in MODEM |
| Description | Memory correction in modem due to buffer overwrite during coap connection |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-25740
| CVE ID | CVE-2022-25740 |
| Title | Buffer Copy Without Checking Size of Input in MODEM |
| Description | Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-25745
| CVE ID | CVE-2022-25745 |
| Title | Always Incorrect Control Flow Implementation in MODEM |
| Description | Memory corruption in modem due to improper input validation while handling the incoming CoAP message |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-670 Always-Incorrect Control Flow Implementation |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, QCA4004, QTS110, Snapdragon Wear 1300 Platform, WCD9306 |
CVE-2022-33211
| CVE ID | CVE-2022-33211 |
| Title | Improper Input Validation in MODEM |
| Description | memory corruption in modem due to improper check while calculating size of serialized CoAP message |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-33231
| CVE ID | CVE-2022-33231 |
| Title | Double free in Core |
| Description | Memory corruption due to double free in core while initializing the encryption key. |
| Technology Area | QTEE |
| Vulnerability Type | CWE-415 Double Free |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.3 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 315 5G IoT Modem, 9205 LTE Modem, AQT1000, AR8031, AR8035, C-V2X 9150, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, FSM10056, Home Hub 100 Platform, IPQ9008, IPQ9574, MSM8108, MSM8209, MSM8608, QAM8295P, QCA4004, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9377, QCA9379, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN6024, QCN7606, QCN9011, QCN9012, QCN9024, QCN9074, QCN9274, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCS8155, QRB5165M, QRB5165N, QSM8250, QSM8350, QTS110, Qualcomm 205 Mobile Platform, Qualcomm Robotics RB3 Platform, Qualcomm Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P, SC8180X+SDX55, SD 455, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD660, SD662, SD670, SD675, SD730, SD778G, SD7c, SD835, SD855, SD865 5G, SD888, SDX55, SDX57M, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Smart Audio 200 Platform, Smart Audio 400 Platform, Snapdragon 208 Processor, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 630 Mobile Platform, Snapdragon 636 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 712 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 835 Mobile Platform, Snapdragon 845 Mobile Platform, Snapdragon 850 Mobile Compute Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X24 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1120, SXR1230P, SXR2130, SXR2230P, Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3999, WCN6740, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33259
| CVE ID | CVE-2022-33259 |
| Title | Buffer copy without checking the size of input in Modem |
| Description | Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-33288
| CVE ID | CVE-2022-33288 |
| Title | Buffer copy without checking the size of input in Core |
| Description | Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information. |
| Technology Area | Storage |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.3 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 315 5G IoT Modem, AQT1000, AR8035, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, QAM8295P, QCA6174A, QCA6310, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCA9377, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCS6490, QRB5165M, QRB5165N, QSM8250, QSM8350, Qualcomm Robotics RB3 Platform, Qualcomm Robotics RB5 Platform, SA6145P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8295P, SA8540P, SA9000P, SC8180X+SDX55, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD670, SD675, SD778G, SD855, SD865 5G, SD888, SDX55, SDX57M, SM7250P, SM7315, SM7325P, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 690 5G Mobile Platform, Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 845 Mobile Platform, Snapdragon 850 Mobile Compute Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon X24 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SSG2115P, SSG2125P, SXR1230P, SXR2130, SXR2230P, Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9326, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3990, WCN6740, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33289
| CVE ID | CVE-2022-33289 |
| Title | Improper validation of array index in Modem |
| Description | Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. |
| Technology Area | User Identity Module |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | Medium |
| CVSS Score | 6.8 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 315 5G IoT Modem, 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, APQ8017, APQ8037, AQT1000, AR6003, AR8035, C-V2X 9150, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9615, MDM9615M, MDM9628, MDM9630, MDM9640, MDM9650, MSM8108, MSM8209, MSM8608, MSM8909W, MSM8996AU, QCA4004, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM4325, QCM6125, QCM6490, QCN6024, QCN9024, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QTS110, Qualcomm 205 Mobile Platform, Qualcomm 215 Mobile Platform, Qualcomm Robotics RB3 Platform, SC8180X+SDX55, SD 455, SD 675, SD 8cx Gen2, SD460, SD626, SD660, SD662, SD670, SD675, SD730, SD778G, SD7c, SD820, SD835, SD855, SD865 5G, SD888, SDM429W, SDX55, SDX57M, SG4150P, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Smart Audio 200 Platform, Smart Audio 400 Platform, Smart Display 200 Platform (APQ5053-AA), Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon 208 Processor, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 425 Mobile Platform, Snapdragon 427 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 430 Mobile Platform, Snapdragon 435 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 450 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 630 Mobile Platform, Snapdragon 632 Mobile Platform, Snapdragon 636 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 712 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 835 Mobile Platform, Snapdragon 845 Mobile Platform, Snapdragon 850 Mobile Compute Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon Auto 5G Modem-RF, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon Wear 2100 Platform, Snapdragon Wear 2500 Platform, Snapdragon Wear 3100 Platform, Snapdragon Wear 4100+ Platform, Snapdragon X12 LTE Modem, Snapdragon X20 LTE Modem, Snapdragon X24 LTE Modem, Snapdragon X5 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon Auto 4G Modem, SW5100, SW5100P, SXR1120, SXR2130, Vision Intelligence 100 Platform (APQ8053-AA), Vision Intelligence 200 Platform (APQ8053-AC), Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6740, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-33302
| CVE ID | CVE-2022-33302 |
| Title | Improper validation of array index in User Identity Module |
| Description | Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. |
| Technology Area | User Identity Module |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | Medium |
| CVSS Score | 6.8 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 315 5G IoT Modem, 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, APQ8017, APQ8037, AQT1000, AR6003, AR8035, C-V2X 9150, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9615, MDM9615M, MDM9628, MDM9630, MDM9640, MDM9650, MSM8108, MSM8209, MSM8608, MSM8909W, MSM8996AU, QCA4004, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM4325, QCM6125, QCM6490, QCN6024, QCN9024, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QTS110, Qualcomm 205 Mobile Platform, Qualcomm 215 Mobile Platform, Qualcomm Robotics RB3 Platform, SC8180X+SDX55, SD 455, SD 675, SD 8cx Gen2, SD460, SD626, SD660, SD662, SD670, SD675, SD730, SD778G, SD7c, SD820, SD835, SD855, SD865 5G, SD888, SDM429W, SDX55, SDX57M, SG4150P, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Smart Audio 200 Platform, Smart Audio 400 Platform, Smart Display 200 Platform (APQ5053-AA), Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon 208 Processor, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 425 Mobile Platform, Snapdragon 427 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 430 Mobile Platform, Snapdragon 435 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 450 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 630 Mobile Platform, Snapdragon 632 Mobile Platform, Snapdragon 636 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 712 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 835 Mobile Platform, Snapdragon 845 Mobile Platform, Snapdragon 850 Mobile Compute Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon Auto 5G Modem-RF, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon Wear 2100 Platform, Snapdragon Wear 2500 Platform, Snapdragon Wear 3100 Platform, Snapdragon Wear 4100+ Platform, Snapdragon X12 LTE Modem, Snapdragon X20 LTE Modem, Snapdragon X24 LTE Modem, Snapdragon X5 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon Auto 4G Modem, SW5100, SW5100P, SXR1120, SXR2130, Vision Intelligence 100 Platform (APQ8053-AA), Vision Intelligence 200 Platform (APQ8053-AC), Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6740, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-25726
| CVE ID | CVE-2022-25726 |
| Title | Buffer Over-read in MODEM |
| Description | Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, FastConnect 6900, FastConnect 7800, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon AR2 Gen 1 Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9380, WCD9385, WSA8830, WSA8832, WSA8835 |
CVE-2022-25730
| CVE ID | CVE-2022-25730 |
| Title | Buffer Over-read in MODEM |
| Description | Information disclosure in modem due to improper check of IP type while processing DNS server query |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, FastConnect 6900, FastConnect 7800, MDM8207, QCA4004, QCA4010, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon AR2 Gen 1 Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9380, WCD9385, WSA8830, WSA8832, WSA8835 |
CVE-2022-25731
| CVE ID | CVE-2022-25731 |
| Title | Incorrect Calculation of Buffer Size in MODEM |
| Description | Information disclosure in modem due to buffer over-read while processing packets from DNS server |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-131 Incorrect Calculation of Buffer Size |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QCA4010, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-25737
| CVE ID | CVE-2022-25737 |
| Title | Use of Uninitialized Variable in MODEM |
| Description | Information disclosure in modem due to missing NULL check while reading packets received from local network |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-457 Use of Uninitialized Variable |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-25739
| CVE ID | CVE-2022-25739 |
| Title | Null Point Dereference in MODEM |
| Description | Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, FastConnect 6900, FastConnect 7800, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon AR2 Gen 1 Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9380, WCD9385, WSA8830, WSA8832, WSA8835 |
CVE-2022-25747
| CVE ID | CVE-2022-25747 |
| Title | Buffer Over-read in MODEM |
| Description | Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-33222
| CVE ID | CVE-2022-33222 |
| Title | Buffer over-read in Modem |
| Description | Information disclosure due to buffer over-read while parsing DNS response packets in Modem. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QCA4010, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-33223
| CVE ID | CVE-2022-33223 |
| Title | Null pointer dereference in Modem |
| Description | Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-33228
| CVE ID | CVE-2022-33228 |
| Title | Buffer over-read in Modem |
| Description | Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-33258
| CVE ID | CVE-2022-33258 |
| Title | Buffer over-read in Modem |
| Description | Information disclosure due to buffer over-read in modem while reading configuration parameters. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-33269
| CVE ID | CVE-2022-33269 |
| Title | Integer overflow or wraparound in Core |
| Description | Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. |
| Technology Area | Core |
| Vulnerability Type | CWE-190 Integer Overflow or Wraparound |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Critical |
| CVSS Score | 9.3 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | AQT1000, AR8035, FastConnect 6200, FastConnect 6800, FastConnect 6900, FastConnect 7800, QAM8295P, QCA6174A, QCA6310, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCA9377, QCN6024, QCN9024, QSM8350, Qualcomm Robotics RB3 Platform, SA6145P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8295P, SA8540P, SA9000P, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD670, SD675, SD855, SD865 5G, SDX55, SDX57M, SM7250P, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 845 Mobile Platform, Snapdragon 850 Mobile Compute Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon AR2 Gen 1 Platform, Snapdragon X24 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon XR2 5G Platform, SSG2115P, SSG2125P, SXR1230P, SXR2130, SXR2230P, Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3990, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33270
| CVE ID | CVE-2022-33270 |
| Title | Time-of-check time-of-use race condition in Modem |
| Description | Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message. |
| Technology Area | Modem |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | AR8035, FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, QCA6391, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCM6490, QCN6024, QCN9024, QCS6490, SD778G, SDX57M, SM7325P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 695 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon Auto 5G Modem-RF, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-33282
| CVE ID | CVE-2022-33282 |
| Title | Integer overflow to buffer overflow in Automotive Multimedia |
| Description | Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-680 Integer Overflow to Buffer Overflow |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2023/01/02 |
| Affected Chipsets* | MSM8996AU, QAM8295P, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P |
CVE-2022-33287
| CVE ID | CVE-2022-33287 |
| Title | Buffer over-read in Modem |
| Description | Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, AR8031, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6900, FastConnect 7800, Home Hub 100 Platform, MDM8207, QCA4004, QCA4010, QCA4024, QTS110, Smart Audio 400 Platform, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon AR2 Gen 1 Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9335, WCD9380, WCD9385, WCN3980, WCN3999, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33291
| CVE ID | CVE-2022-33291 |
| Title | Buffer over-read in Modem |
| Description | Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, AR8031, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6900, FastConnect 7800, Home Hub 100 Platform, MDM8207, QCA4004, QCA4010, QCA4024, QTS110, Smart Audio 400 Platform, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon AR2 Gen 1 Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9335, WCD9380, WCD9385, WCN3980, WCN3999, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33294
| CVE ID | CVE-2022-33294 |
| Title | NULL pointer dereference in Modem |
| Description | Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-33295
| CVE ID | CVE-2022-33295 |
| Title | Buffer over-read in Modem |
| Description | Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 9205 LTE Modem, 9206 LTE Modem, 9207 LTE Modem, MDM8207, QCA4004, QTS110, Snapdragon 1100 Wearable Platform, Snapdragon 1200 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon X5 LTE Modem, WCD9306, WCD9330 |
CVE-2022-40532
| CVE ID | CVE-2022-40532 |
| Title | Integer overflow or wraparound in WLAN |
| Description | Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-190 Integer Overflow or Wraparound |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2023/01/02 |
| Affected Chipsets* | 315 5G IoT Modem, 9205 LTE Modem, APQ8016, APQ8017, APQ8037, APQ8064AU, APQ8076, APQ8092, APQ8094, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, Home Hub 100 Platform, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, MDM8215, MDM9215, MDM9250, MDM9310, MDM9615, MDM9628, MDM9640, MDM9645, MDM9650, MSM8108, MSM8209, MSM8608, MSM8909W, MSM8996AU, PM8937, PMP8074, QAM8295P, QCA1062, QCA1064, QCA1990, QCA2062, QCA2064, QCA2065, QCA2066, QCA4004, QCA4024, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9379, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM4325, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QET4101, QRB5165M, QRB5165N, QSM8250, QSM8350, QSW8573, QTS110, Qualcomm 205 Mobile Platform, Qualcomm 215 Mobile Platform, Qualcomm Robotics RB3 Platform, Qualcomm Robotics RB5 Platform, SA4150P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD626, SD660, SD662, SD670, SD675, SD730, SD778G, SD7c, SD820, SD835, SD855, SD865 5G, SD888, SDM429W, SDX20M, SDX55, SG4150P, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Smart Audio 200 Platform, Smart Audio 400 Platform, Smart Display 200 Platform (APQ5053-AA), Snapdragon 208 Processor, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 425 Mobile Platform, Snapdragon 427 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 430 Mobile Platform, Snapdragon 435 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 450 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 630 Mobile Platform, Snapdragon 632 Mobile Platform, Snapdragon 636 Mobile Platform, Snapdragon 652 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 712 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 808 Processor, Snapdragon 810 Processor, Snapdragon 820 Automotive Platform, Snapdragon 820 Mobile Platform, Snapdragon 835 Mobile Platform, Snapdragon 845 Mobile Platform, Snapdragon 850 Mobile Compute Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon AR2 Gen 1 Platform, Snapdragon Auto 5G Modem-RF, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 1300 Platform, Snapdragon Wear 2100 Platform, Snapdragon Wear 2500 Platform, Snapdragon Wear 3100 Platform, Snapdragon Wear 4100+ Platform, Snapdragon X12 LTE Modem, Snapdragon X20 LTE Modem, Snapdragon X24 LTE Modem, Snapdragon X5 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1120, SXR1230P, SXR2130, SXR2230P, Vision Intelligence 100 Platform (APQ8053-AA), Vision Intelligence 200 Platform (APQ8053-AC), Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3999, WCN6740, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33296
| CVE ID | CVE-2022-33296 |
| Title | Integer overflow to buffer overflow in Modem |
| Description | Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. |
| Technology Area | Modem |
| Vulnerability Type | CWE-680 Integer Overflow to Buffer Overflow |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 5.9 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Date Reported | 2022/05/02 |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | 315 5G IoT Modem, APQ8017, AQT1000, AR8035, CSRB31024, FastConnect 6200, FastConnect 6800, FastConnect 6900, FastConnect 7800, MDM9628, QCA6310, QCA6320, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCM6125, QCN6024, QCN9024, QCS410, QCS610, QCS6125, Qualcomm 205 Mobile Platform, Qualcomm 215 Mobile Platform, SD 675, SD670, SD675, SD730, SD7c, SD835, SD855, SD865 5G, SDX55, SM6250, SM6250P, SM7250P, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 425 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 712 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 835 Mobile Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon Auto 5G Modem-RF, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X5 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X70 Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon Auto 4G Modem, SW5100, SW5100P, SXR1120, SXR2130, Vision Intelligence 300 Platform, Vision Intelligence 400 Platform, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-33297
| CVE ID | CVE-2022-33297 |
| Title | Buffer overread in Linux Sensors |
| Description | Information disclosure due to buffer overread in Linux sensors |
| Technology Area | Linux |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | 2022/05/28 |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | QCA6310, QCA6320, SD835, Snapdragon 835 Mobile Platform, WCD9335, WCD9340, WCD9341, WCN3990, WSA8810, WSA8815 |
CVE-2022-33298
| CVE ID | CVE-2022-33298 |
| Title | Use after free in Modem |
| Description | Memory corruption due to use after free in Modem while modem initialization. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2022/05/11 |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | AQT1000, FastConnect 6200, FastConnect 6800, FastConnect 6900, QCA6310, QCA6320, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD730, SD835, SD855, SD865 5G, SDX55, SM6250, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 835 Mobile Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 4100+ Platform, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, SW5100, SW5100P, SXR1120, SXR2130, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WSA8810, WSA8815, WSA8830, WSA8835 |
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-40503 | High | High | Bluetooth HOST | 06/13/2022 |
| CVE-2023-21630 | High | High | Multimedia Frameworks | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-33301 | Medium | Medium | Audio | 06/24/2022 |
CVE-2022-40503
| CVE ID | CVE-2022-40503 |
| Title | Buffer over-read in Bluetooth Host. |
| Description | Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. |
| Technology Area | Bluetooth HOST |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | 2022/06/13 |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | 9206 LTE Modem, APQ8017, APQ8064AU, AQT1000, AR8031, C-V2X 9150, CSRA6620, CSRA6640, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, Flight RB5 5G Platform, MDM9250, MDM9628, MDM9650, MSM8108, MSM8209, MSM8608, MSM8909W, MSM8996AU, QAM8295P, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCN7606, QCN9011, QCN9012, QCN9074, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QRB5165M, QRB5165N, Qualcomm 205 Mobile Platform, Qualcomm 215 Mobile Platform, Qualcomm Robotics RB3 Platform, Qualcomm Robotics RB5 Platform, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD626, SD660, SD670, SD730, SD778G, SD835, SD855, SD865 5G, SD888, SDM429W, SDX20M, SDX55, SM4125, SM6250, SM7250P, SM7315, SM7325P, Smart Audio 200 Platform, Smart Audio 400 Platform, Smart Display 200 Platform (APQ5053-AA), Snapdragon 1200 Wearable Platform, Snapdragon 208 Processor, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 820 Automotive Platform, Snapdragon 835 Mobile Platform, Snapdragon 845 Mobile Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 2100 Platform, Snapdragon Wear 2500 Platform, Snapdragon Wear 3100 Platform, Snapdragon X12 LTE Modem, Snapdragon X20 LTE Modem, Snapdragon X24 LTE Modem, Snapdragon X5 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SW5100, SW5100P, SXR1120, SXR2130, Vision Intelligence 100 Platform (APQ8053-AA), Vision Intelligence 200 Platform (APQ8053-AC), Vision Intelligence 400 Platform, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN6740, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
CVE-2023-21630
| CVE ID | CVE-2023-21630 |
| Title | Integer Overflow in Multimedia Framework |
| Description | Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. |
| Technology Area | Multimedia Frameworks |
| Vulnerability Type | CWE-191 Integer Underflow (Wrap or Wraparound) |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2023/01/02 |
| Affected Chipsets* | FastConnect 6700, FastConnect 6900, FastConnect 7800, QCA6391, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, SA6155P, SA8155P, SA8195P, SD 8 Gen1 5G, SD778G, SD888, SG4150P, SM7315, SM7325P, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), SW5100, SW5100P, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN6740, WSA8810, WSA8830, WSA8835 |
| Patch** |
CVE-2022-33301
| CVE ID | CVE-2022-33301 |
| Title | Incorrect type conversion or cast in Audio |
| Description | Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM. |
| Technology Area | Audio |
| Vulnerability Type | CWE-704 Incorrect Type Conversion or Cast |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2022/06/24 |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | QCA6595, QCA6595AU, QCA6696, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, Snapdragon W5+ Gen 1 Wearable Platform, SW5100, SW5100P, WCN3980, WCN3988, WSA8830, WSA8835 |
| Patch** |
* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
Qualcomm Technologies, Inc.
San Diego, CA 92121
U.S.A.
© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- CVE-2022-25678
- CVE-2022-25740
- CVE-2022-25745
- CVE-2022-33211
- CVE-2022-33231
- CVE-2022-33259
- CVE-2022-33288
- CVE-2022-33289
- CVE-2022-33302
- CVE-2022-25726
- CVE-2022-25730
- CVE-2022-25731
- CVE-2022-25737
- CVE-2022-25739
- CVE-2022-25747
- CVE-2022-33222
- CVE-2022-33223
- CVE-2022-33228
- CVE-2022-33258
- CVE-2022-33269
- CVE-2022-33270
- CVE-2022-33282
- CVE-2022-33287
- CVE-2022-33291
- CVE-2022-33294
- CVE-2022-33295
- CVE-2022-40532
- CVE-2022-33296
- CVE-2022-33297
- CVE-2022-33298
- Open Source Software Issues
- CVE-2022-40503
- CVE-2023-21630
- CVE-2022-33301
- Industry Coordination
