February 2023 Security Bulletin
Published: 02/06/2023
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2022-33279 | Javier Contreras of Cisco |
| CVE-2022-33216 | Viacheslav Moskvin from MBition Product Security Team |
| CVE-2022-33233,CVE-2022-33248 | Peter Park (peterpark) |
| CVE-2022-33225 | Le Wu of Baidu Security |
| CVE-2022-33246 | Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin. |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-25729 | Critical | Critical | Data Network Stack & Connectivity | Internal |
| CVE-2022-33232 | Critical | Critical | KERNEL | Internal |
| CVE-2022-33279 | Critical | Critical | WIN SON | 02/11/2022 |
| CVE-2022-40514 | Critical | Critical | WLAN Firmware | Internal |
| CVE-2022-25728 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25732 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25733 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25734 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25735 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-25738 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33216 | High | Medium | Automotive | 04/06/2022 |
| CVE-2022-33221 | High | Medium | Trust Management Engine | Internal |
| CVE-2022-33229 | High | High | Data Network Stack & Connectivity | Internal |
| CVE-2022-33233 | High | High | Architecture | 04/24/2022 |
| CVE-2022-33248 | High | High | User Identity Module | 03/20/2022 |
| CVE-2022-33271 | High | High | WLAN Firmware | Internal |
| CVE-2022-33277 | High | High | WLAN Firmware | Internal |
| CVE-2022-33306 | High | High | WLAN Firmware | Internal |
| CVE-2022-34145 | High | High | WLAN Host Communication | Internal |
| CVE-2022-34146 | High | High | WLAN Host Communication | Internal |
| CVE-2022-40502 | High | High | WLAN Host Communication | Internal |
| CVE-2022-40512 | High | High | WLAN Firmware | Internal |
| CVE-2022-40513 | High | High | WLAN Firmware | Internal |
CVE-2022-25729
| CVE ID | CVE-2022-25729 |
| Title | Improper Input Validation in MODEM |
| Description | Memory corruption in modem due to improper length check while copying into memory |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM9205, MDM9206, QCA4004, QCA4020, QCA4024, QCS405, QTS110, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9335, WCD9380, WCD9385, WCN3980, WCN3998, WCN3999, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33232
| CVE ID | CVE-2022-33232 |
| Title | Buffer copy without checking size of input in Hypervisor |
| Description | Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory. |
| Technology Area | KERNEL |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.3 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AQT1000, AR8035, QAM8295P, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCA9377, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCS603, QCS605, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA6145P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8295P, SA8540P, SA9000P, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD670, SD675, SD678, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX57M, SDX65, SDX70M, SDXR2 5G, SM7250P, SM7315, SM7325P, SSG2115P, SSG2125P, SXR1230P, SXR2150P, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33279
| CVE ID | CVE-2022-33279 |
| Title | Stack based buffer overflow in WLAN |
| Description | Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length. |
| Technology Area | WIN SON |
| Vulnerability Type | CWE-121 Stack-based Buffer Overflow |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2022/02/11 |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | AR9380, CSR8811, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, QCA4024, QCA6391, QCA7500, QCA8072, QCA8075, QCA8081, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QRB5165, QRB5165M, QRB5165N, WCD9385 |
CVE-2022-40514
| CVE ID | CVE-2022-40514 |
| Title | Buffer copy without checking size of input in WLAN Firmware |
| Description | Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9574, QAM8295P, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM4325, QCM6125, QCM6490, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SG4150P, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Snapdragon 4 Gen 1, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2150P, SXR2230P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25728
| CVE ID | CVE-2022-25728 |
| Title | Buffer Over-read in MODEM |
| Description | Information disclosure in modem due to buffer over-read while processing response from DNS server |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4020, QCA4024, QCS405, QTS110, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9335, WCD9380, WCD9385, WCN3980, WCN3998, WCN3999, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25732
| CVE ID | CVE-2022-25732 |
| Title | Buffer Over-read in MODEM |
| Description | Information disclosure in modem due to buffer over read in dns client due to missing length check |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4020, QCA4024, QCS405, QTS110, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9335, WCD9380, WCD9385, WCN3980, WCN3999, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25733
| CVE ID | CVE-2022-25733 |
| Title | Null Pointer Dereference in MODEM |
| Description | Denial of service in modem due to null pointer dereference while processing DNS packets |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4010, QCA4020, QCA4024, QCS405, QTS110, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9335, WCD9380, WCD9385, WCN3980, WCN3998, WCN3999, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25734
| CVE ID | CVE-2022-25734 |
| Title | Loop with Unreachable Exit Condition in MODEM |
| Description | Denial of service in modem due to missing null check while processing IP packets with padding |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4010, QCA4020, QCA4024, QCS405, QTS110, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9335, WCD9380, WCD9385, WCN3980, WCN3998, WCN3999, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25735
| CVE ID | CVE-2022-25735 |
| Title | Null Pointer Dereference in MODEM |
| Description | Denial of service in modem due to missing null check while processing TCP or UDP packets from server |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4020, QCA4024, QCS405, QTS110, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9335, WCD9380, WCD9385, WCN3980, WCN3998, WCN3999, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25738
| CVE ID | CVE-2022-25738 |
| Title | Buffer Over-read in MODEM |
| Description | Information disclosure in modem due to buffer over-red while performing checksum of packet received |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4010, QCA4020, QCA4024, QCS405, QTS110, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9306, WCD9330, WCD9335, WCD9380, WCD9385, WCN3980, WCN3998, WCN3999, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33216
| CVE ID | CVE-2022-33216 |
| Title | Improper Input Validation in Automotive |
| Description | Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file. |
| Technology Area | Automotive |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.0 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
| Date Reported | 2022/04/06 |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | QAM8295P, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P |
CVE-2022-33221
| CVE ID | CVE-2022-33221 |
| Title | Buffer over-read in Trusted Execution Environment |
| Description | Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests. |
| Technology Area | Trust Management Engine |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | SD 8 Gen1 5G, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9380, WCD9385, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8832, WSA8835 |
CVE-2022-33229
| CVE ID | CVE-2022-33229 |
| Title | Buffer over-read in Modem |
| Description | Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets. |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4010, QCA4020, QCA4024, QCS405, QTS110, WCD9306, WCD9330, WCD9335, WCN3980, WCN3999, WSA8810, WSA8815 |
CVE-2022-33233
| CVE ID | CVE-2022-33233 |
| Title | Configuration weakness in modem |
| Description | Memory corruption due to configuration weakness in modem wile sending command to write protected files. |
| Technology Area | Architecture |
| Vulnerability Type | CWE-16 Configuration |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2022/04/24 |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8037, APQ8052, APQ8056, APQ8076, APQ8096AU, AQT1000, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9230, MDM9250, MDM9330, MDM9607, MDM9628, MDM9630, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QCA4004, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCC5100, QCM2290, QCM4290, QCM4325, QCM6125, QCM6490, QCN6024, QCN9024, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QET4101, QSW8573, QTS110, Qualcomm215, SA415M, SA515M, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD625, SD626, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDX57M, SDX65, SDX70M, SDXR1, SDXR2 5G, SG4150P, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Snapdragon 4 Gen 1, SW5100, SW5100P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-33248
| CVE ID | CVE-2022-33248 |
| Title | Integer overflow to buffer overflow in User Identity Module |
| Description | Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segement is received via qmi http. |
| Technology Area | User Identity Module |
| Vulnerability Type | CWE-680 Integer Overflow to Buffer Overflow |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2022/03/20 |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8037, AQT1000, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9250, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8937, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCC5100, QCM2290, QCM4290, QCM4325, QCM6125, QCM6490, QCN6024, QCN9024, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDX57M, SDX65, SDX70M, SDXR1, SDXR2 5G, SG4150P, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Snapdragon 4 Gen 1, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-33271
| CVE ID | CVE-2022-33271 |
| Title | Buffer over-read in WLAN |
| Description | Information disclosure due to buffer over-read in WLAN while parsing NMF frame. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, MDM9640, MSM8996AU, PMP8074, QAM8295P, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC5100, QCM4325, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS405, QCS410, QCS603, QCS605, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SG4150P, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Snapdragon 4 Gen 1, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2150P, SXR2230P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33277
| CVE ID | CVE-2022-33277 |
| Title | Buffer copy without checking size of input in modem |
| Description | Memory corruption in modem due to buffer copy without checking size of input while receiving WMI command. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, PMP8074, QAM8295P, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM4325, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SG4150P, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Snapdragon 4 Gen 1, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2150P, SXR2230P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-33306
| CVE ID | CVE-2022-33306 |
| Title | Buffer over-read in WLAN |
| Description | Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | AR8035, AR9380, CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, QAM8295P, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6390, QCA6391, QCA6426, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCM6490, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS6490, QSM8350, SA8295P, SD 8 Gen1 5G, SD 8cx Gen3, SD660, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55M, SDX65, SDXR2 5G, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3990, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-34145
| CVE ID | CVE-2022-34145 |
| Title | Buffer over-read in WLAN Host |
| Description | Transient DOS due to buffer over-read in WLAN Host while parsing frame information. |
| Technology Area | WLAN Host Communication |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, QAM8295P, QCA4024, QCA6175A, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA9888, QCA9889, QCC5100, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS410, QCS610, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SW5100, SW5100P, WCD9341, WCD9370, WCD9380, WCN3950, WCN3980, WCN3988, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-34146
| CVE ID | CVE-2022-34146 |
| Title | Improper input validation in WLAN Host |
| Description | Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation. |
| Technology Area | WLAN Host Communication |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, QAM8295P, QCA4024, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA9888, QCA9889, QCM4325, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS410, QCS610, SA4150P, SA6155P, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD680, SG4150P, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN6740, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-40502
| CVE ID | CVE-2022-40502 |
| Title | Improper input validation in WLAN Host |
| Description | Transient DOS due to improper input validation in WLAN Host. |
| Technology Area | WLAN Host Communication |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, QAM8295P, QCA4024, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA9888, QCA9889, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS410, QCS610, SA4150P, SA6155P, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD680, SG4150P, SSG2115P, SSG2125P, SXR1230P, SXR2230P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN6740, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-40512
| CVE ID | CVE-2022-40512 |
| Title | Buffer over-read in WLAN Firmware. |
| Description | Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8064AU, APQ8076, APQ8092, APQ8094, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, MDM8215, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9628, MDM9640, MDM9645, MDM9650, MSM8976, MSM8992, MSM8994, MSM8996AU, PMP8074, QAM8295P, QCA0000, QCA1023, QCA1062, QCA1064, QCA1990, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA4531, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6678AQ, QCA6696, QCA6698AQ, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9379, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM4325, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SG4150P, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Snapdragon 4 Gen 1, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2150P, SXR2230P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-40513
| CVE ID | CVE-2022-40513 |
| Title | Uncontrolled resource consumption in WLAN Firmware. |
| Description | Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/11/07 |
| Affected Chipsets* | CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9574, QCA4024, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8386, QCA9888, QCA9889, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, SD 8 Gen1 5G, SSG2115P, SSG2125P, SXR1230P, WCD9380, WCD9385, WCN7850, WCN7851, WSA8830, WSA8832, WSA8835 |
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-33243 | Critical | High | DSP Service | Internal |
| CVE-2022-33280 | Critical | High | Bluetooth HOST | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-33225 | Medium | Medium | QTEE | 01/31/2022 |
| CVE-2022-33246 | Medium | Medium | Audio | 06/13/2021 |
CVE-2022-33243
| CVE ID | CVE-2022-33243 |
| Title | Improper access control in Qualcomm IPC |
| Description | Memory corruption due to improper access control in Qualcomm IPC. |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-284 Improper Access Control |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/09/05 |
| Affected Chipsets* | APQ8096AU, AQT1000, AR9380, CSR8811, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9150, MSM8996AU, QAM8295P, QCA4024, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA7500, QCA8075, QCA8081, QCA8337, QCA9377, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC5100, QCM6125, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS410, QCS605, QCS610, QCS6125, QCS8155, QRB5165, QSM8250, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD205, SD210, SD429, SD660, SD665, SD835, SD845, SD855, SD865 5G, SD870, SD888 5G, SDM429W, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
CVE-2022-33280
| CVE ID | CVE-2022-33280 |
| Title | Access of uninitialized pointer in Bluetooth HOST |
| Description | Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet. |
| Technology Area | Bluetooth HOST |
| Vulnerability Type | CWE-824 Access of Uninitialized Pointer |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.3 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/10/03 |
| Affected Chipsets* | APQ8096AU, AR8031, AR8035, CSRA6620, CSRA6640, MDM9150, MDM9250, MDM9628, MDM9650, QCA6174A, QCA6391, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA8081, QCA8337, QCA9377, QCN6024, QCN9011, QCN9012, QCN9024, QCN9074, QCS405, QCS410, QCS605, QCS610, QRB5165, QRB5165M, QRB5165N, SA6155P, SA8155P, SA8195P, SD429, SD626, SD835, SDM429W, SDX20, SDX20M, SDX24, SDX55, SDX65, WCD9326, WCD9335, WCD9341, WCD9370, WCD9380, WCD9385, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN6855, WCN6856, WSA8810, WSA8815 |
| Patch** |
|
CVE-2022-33225
| CVE ID | CVE-2022-33225 |
| Title | Use after free in Trusted Application Environment |
| Description | Memory corruption due to use after free in trusted application environment. |
| Technology Area | QTEE |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2022/01/31 |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | APQ8096AU, MDM9628, MSM8996AU, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, Qualcomm215, SD205, SD210, SD429, SD865 5G, SD870, SDM429W, SDX55M, SDXR2 5G, WCD9340, WCD9380, WCN3610, WCN3620, WCN3660B, WCN6850, WCN6851, WSA8810, WSA8815 |
| Patch** |
CVE-2022-33246
| CVE ID | CVE-2022-33246 |
| Title | Use of out-of-range pointer offset in Audio |
| Description | Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id. |
| Technology Area | Audio |
| Vulnerability Type | CWE-823 Use of Out-of-range Pointer Offset |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2021/06/13 |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | APQ8096AU, AQT1000, MSM8996AU, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCN9074, QCS410, QCS610, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD855, SD865 5G, SD870, SDA429W, SDX55M, SDXR2 5G, WCD9341, WCD9370, WCD9380, WCN3610, WCN3950, WCN3980, WCN3998, WCN6850, WCN6851, WSA8810, WSA8815 |
| Patch** |
* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
Qualcomm Technologies, Inc.
San Diego, CA 92121
U.S.A.
© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- CVE-2022-25729
- CVE-2022-33232
- CVE-2022-33279
- CVE-2022-40514
- CVE-2022-25728
- CVE-2022-25732
- CVE-2022-25733
- CVE-2022-25734
- CVE-2022-25735
- CVE-2022-25738
- CVE-2022-33216
- CVE-2022-33221
- CVE-2022-33229
- CVE-2022-33233
- CVE-2022-33248
- CVE-2022-33271
- CVE-2022-33277
- CVE-2022-33306
- CVE-2022-34145
- CVE-2022-34146
- CVE-2022-40502
- CVE-2022-40512
- CVE-2022-40513
- Open Source Software Issues
- CVE-2022-33243
- CVE-2022-33280
- CVE-2022-33225
- CVE-2022-33246
- Industry Coordination
