August 2022 Security Bulletin
Published: 08/01/2022
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2022-22059,CVE-2022-25668 | Le Wu of Baidu Security |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table lists high impact security vulnerabilities. Patches have been released for affected products.OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2021-35097 | Critical | High | Content Protection | Internal |
| CVE-2021-35113 | Critical | High | Key Provisioning | Internal |
| CVE-2021-35134 | Critical | High | Boot | Internal |
| CVE-2022-22099 | Critical | High | Multimedia | Internal |
| CVE-2021-35108 | High | Medium | Core | Internal |
| CVE-2021-35109 | High | Medium | Core | Internal |
| CVE-2022-22059 | High | High | Video | 07/11/2021 |
| CVE-2022-22061 | High | High | HLOS | Internal |
| CVE-2022-22062 | High | High | Data Modem | Internal |
| CVE-2022-22067 | High | High | Modem | Internal |
| CVE-2022-22069 | High | High | Content Protection | 01/13/2022 |
| CVE-2022-22070 | High | High | Audio | Internal |
| CVE-2022-22106 | High | High | Multimedia | Internal |
| CVE-2022-25668 | High | High | Video | 07/15/2021 |
| CVE-2022-25680 | High | High | Multimedia | Internal |
CVE-2021-35097
| CVE ID | CVE-2021-35097 |
| Title | Cryptographic issues in Content Protection |
| Description | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call |
| Technology Area | Content Protection |
| Vulnerability Type | CWE-310 Cryptographic Issues |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.3 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/12/06 |
| Affected Chipsets* | AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, QCA6174A, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SA8540P, SA9000P, SC8180X+SDX55, SD 675, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-35113
| CVE ID | CVE-2021-35113 |
| Title | Cryptographic Issues in Key Provisioning |
| Description | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call |
| Technology Area | Key Provisioning |
| Vulnerability Type | CWE-310 Cryptographic Issues |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.3 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/12/06 |
| Affected Chipsets* | AQT1000, CSRB31024, QCA6174A, QCA6310, QCA6335, QCA6420, QCA6430, QCA6564AU, QCA6574AU, QCA6595AU, QCA6696, QCA9377, QCS410, QCS610, SA415M, SD 675, SD429, SD675, SD678, SD720G, SD730, SD7c, SD845, SD850, SD855, SDM429W, SDX24, SDX50M, SDX55, SDX55M, SM6250, SM6250P, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WSA8810, WSA8815 |
CVE-2021-35134
| CVE ID | CVE-2021-35134 |
| Title | Incorrect Calculation of Buffer Size in Boot |
| Description | Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption |
| Technology Area | Boot |
| Vulnerability Type | CWE-131 Incorrect Calculation of Buffer Size |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | QCA6391, QCM6490, QCS6490, QSM8350, SD 8 Gen1 5G, SD778G, SD780G, SD888, SD888 5G, SM7315, SM7325P, SM7450, SM8475, SM8475P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8832, WSA8835 |
CVE-2022-22099
| CVE ID | CVE-2022-22099 |
| Title | Improper Validation of Array Index in Automotive Multimedia |
| Description | Memory corruption in multimedia due to improper validation of array index |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | SA8540P, SA9000P |
CVE-2021-35108
| CVE ID | CVE-2021-35108 |
| Title | Improper Input Validation in Core |
| Description | Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access |
| Technology Area | Core |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.8 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/12/06 |
| Affected Chipsets* | SD 8 Gen1 5G, SM7450, SM8475, SM8475P, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6855, WCN6856, WCN7851, WSA8830, WSA8832, WSA8835 |
CVE-2021-35109
| CVE ID | CVE-2021-35109 |
| Title | Improper Input Validation in Core |
| Description | Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges |
| Technology Area | Core |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.8 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/12/06 |
| Affected Chipsets* | SD 8 Gen1 5G, SM7450, SM8475, SM8475P, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6855, WCN6856, WCN7851, WSA8830, WSA8832, WSA8835 |
CVE-2022-22059
| CVE ID | CVE-2022-22059 |
| Title | Improper Validation of Array Index in Video |
| Description | Memory corruption due to out of bound read while parsing a video file |
| Technology Area | Video |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2021/07/11 |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCM2290, QCM4290, QCS2290, QCS4290, QCS610, Qualcomm215, SA6155P, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD439, SD460, SD480, SD632, SD660, SD662, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD855, SD865 5G, SD870, SD888 5G, SDM630, SDX50M, SDX55, SDX55M, SDXR2 5G, SM6250, SM7250P, SM7325P, SM7450, SM8475, SM8475P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-22061
| CVE ID | CVE-2022-22061 |
| Title | String Errors in HLOS |
| Description | Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data |
| Technology Area | HLOS |
| Vulnerability Type | CWE-133 String Errors |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/02/07 |
| Affected Chipsets* | AR8035, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA8081, QCA8337, SD 8 Gen1 5G, SD865 5G, SD870, SD888 5G, SDX55M, SDX65, SDXR2 5G, SM7450, SM8475, SM8475P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6855, WCN6856, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-22062
| CVE ID | CVE-2022-22062 |
| Title | Buffer Over-read in Data Modem |
| Description | An out-of-bounds read can occur while parsing a server certificate due to improper length check |
| Technology Area | Data Modem |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/02/07 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, IPQ4019, MDM9150, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9645, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM8937, QCA4020, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN7605, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, Qualcomm215, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-22067
| CVE ID | CVE-2022-22067 |
| Title | Improper Release of Memory Before Removing Last Reference in Modem |
| Description | Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config |
| Technology Area | Modem |
| Vulnerability Type | CWE-401 Improper Release of Memory Before Removing Last Reference ('Memory Leak') |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/02/07 |
| Affected Chipsets* | AR8035, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, SA515M, SD 8 Gen1 5G, SD480, SD690 5G, SD695, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM7250P, SM7315, SM7450, SM8475, SM8475P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-22069
| CVE ID | CVE-2022-22069 |
| Title | Cryptographic Issues in Content Protection |
| Description | Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue |
| Technology Area | Content Protection |
| Vulnerability Type | CWE-310 Cryptographic Issues |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Date Reported | 2022/01/13 |
| Customer Notified Date | 2022/02/07 |
| Affected Chipsets* | AQT1000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS6490, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 675, SD 8cx Gen3, SD460, SD480, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX50M, SDX55M, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-22070
| CVE ID | CVE-2022-22070 |
| Title | Improper Input Validation in Audio |
| Description | Memory corruption in audio due to lack of check of invalid routing address into APR Routing table |
| Technology Area | Audio |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/02/07 |
| Affected Chipsets* | AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9250, MDM9650, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX12, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-22106
| CVE ID | CVE-2022-22106 |
| Title | Integer Overflow to Buffer Overflow in Automotive Multimedia |
| Description | Memory corruption in multimedia due to improper length check while copying the data |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-680 Integer Overflow to Buffer Overflow |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | SA8540P, SA9000P |
CVE-2022-25668
| CVE ID | CVE-2022-25668 |
| Title | Double free in Video |
| Description | Memory corruption in video driver due to double free while parsing ASF clip |
| Technology Area | Video |
| Vulnerability Type | CWE-415 Double Free |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.3 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Date Reported | 2021/07/15 |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR8031, CSRA6620, CSRA6640, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9650, MSM8909W, MSM8917, MSM8937, MSM8953, MSM8996AU, PM8937, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, Qualcomm215, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD670, SD675, SD678, SD680, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDM630, SDW2500, SDX20, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25680
| CVE ID | CVE-2022-25680 |
| Title | Buffer Copy Without Checking Size of Input in Automotive Multimedia |
| Description | Memory corruption in multimedia due to buffer overflow while processing count variable from client |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | MSM8996AU |
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-22080 | High | High | Audio | Internal |
CVE-2022-22080
| CVE ID | CVE-2022-22080 |
| Title | Use of Out-of-range Pointer Offset in Audio |
| Description | Improper validation of backend id in PCM routing process can lead to memory corruption |
| Technology Area | Audio |
| Vulnerability Type | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | APQ8053, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, MDM9150, MDM9628, MDM9640, MDM9650, MSM8953, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6490, QRB5165, QRB5165M, QRB5165N, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 675, SD439, SD460, SD480, SD660, SD662, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX12, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, WCD9326, WCD9335, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3615, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
Qualcomm Technologies, Inc.
San Diego, CA 92121
U.S.A.
© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- CVE-2021-35097
- CVE-2021-35113
- CVE-2021-35134
- CVE-2022-22099
- CVE-2021-35108
- CVE-2021-35109
- CVE-2022-22059
- CVE-2022-22061
- CVE-2022-22062
- CVE-2022-22067
- CVE-2022-22069
- CVE-2022-22070
- CVE-2022-22106
- CVE-2022-25668
- CVE-2022-25680
- Open Source Software Issues
- CVE-2022-22080
- Industry Coordination
