Navigator

Close
2023 Security Bulletins
DecemberNovemberOctoberSeptemberAugustJulyJuneMayAprilMarchFebruaryJanuary

Legal notice

January 2023 Security Bulletin

Updated On: 01/05/2023

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.

Please reach out to [email protected] for any questions related to this bulletin.

Table of Contents

Announcements
Acknowledgements
Proprietary Software Issues
Open Source Software Issues
Industry Coordination

Announcements

None

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2022-33255 Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab.
CVE-2022-40516,CVE-2022-40517,CVE-2022-40520,CVE-2022-40518,CVE-2022-40519 Binarly efiXplorer Team
CVE-2022-22079 Gengjia Chen ( @chengjia4574 ) from IceSword Lab
CVE-2022-25715,CVE-2022-25717,CVE-2022-25721 nicolas (nicolas1993)
CVE-2022-25716 Seonung Jang(@IFdLRx4At1WFm74) of STEALIEN
CVE-2022-25722 Le Wu of Baidu Security

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2022-33218 Critical High Automotive Internal
CVE-2022-33219 Critical Critical Automotive Internal
CVE-2022-33265 Critical High Powerline Communication Firmware Internal
CVE-2022-25725 High Medium UTILS Internal
CVE-2022-25746 High High KERNEL Internal
CVE-2022-33252 High High WLAN Firmware Internal
CVE-2022-33253 High High WLAN Firmware Internal
CVE-2022-33266 High Medium Audio Internal
CVE-2022-33274 High High Android Core Internal
CVE-2022-33276 High High WLAN Firmware Internal
CVE-2022-33283 High High WLAN Firmware Internal
CVE-2022-33284 High High WLAN Firmware Internal
CVE-2022-33285 High High WLAN Firmware Internal
CVE-2022-33286 High High WLAN Firmware Internal
CVE-2022-33290 High High Automotive Connectivity Internal
CVE-2022-33299 High High Automotive Connectivity Internal
CVE-2022-33300 High High Automotive Android OS Internal
CVE-2022-40516 High High Boot 10/28/2022
CVE-2022-40517 High High Boot 10/28/2022
CVE-2022-40520 High High Connectivity 10/28/2022

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2022-40518 Medium Medium Boot 10/28/2022
CVE-2022-40519 Medium Medium Boot 10/28/2022

CVE-2022-33218

CVE ID CVE-2022-33218
Title Improper Input Validation in Automotive
Description Memory corruption in Automotive due to improper input validation.
Technology Area Automotive
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating Critical
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2022/07/04
Affected Chipsets* APQ8064AU, APQ8096AU, MSM8996AU, QAM8295P, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P

CVE-2022-33219

CVE ID CVE-2022-33219
Title Integer Overflow to Buffer Overflow in Automotive
Description Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer.
Technology Area Automotive
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2022/07/04
Affected Chipsets* APQ8064AU, APQ8096AU, MSM8996AU, QAM8295P, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P

CVE-2022-33265

CVE ID CVE-2022-33265
Title Information exposure in Powerline Communication Firmware
Description Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device.
Technology Area Powerline Communication Firmware
Vulnerability Type CWE-200 Information Exposure
Access Vector Remote
Security Rating Critical
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 2022/09/05
Affected Chipsets* QCA7500, QCA7520, QCA7550

CVE-2022-25725

CVE ID CVE-2022-25725
Title Use-after-Free in MODEM
Description Denial of service in MODEM due to improper pointer handling
Technology Area UTILS
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating Medium
CVSS Score 6.2
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2022/07/04
Affected Chipsets* AR8035, CSRB31024, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCN6024, QCN9024, QCS6490, QCX315, SA415M, SA515M, SD 8 Gen1 5G, SD480, SD690 5G, SD695, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX57M, SDX65, SDXR2 5G, SM4375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25746

CVE ID CVE-2022-25746
Title Buffer Copy Without Checking Size of Input in Kernel
Description Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping.
Technology Area KERNEL
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
Date Reported Internal
Customer Notified Date 2022/07/04
Affected Chipsets* AQT1000, AR8035, QAM8295P, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM6490, QCN9011, QCN9012, QCS603, QCS605, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA6145P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8295P, SA8540P, SA9000P, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD670, SD675, SD678, SD765, SD765G, SD768G, SD778G, SD780G, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX57M, SDX65, SDXR2 5G, SM7250P, SM7315, SM7325P, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33252

CVE ID CVE-2022-33252
Title Buffer over-read in WLAN
Description Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* AQT1000, AR8035, AR9380, CSR8811, CSRB31024, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, PMP8074, QAM8295P, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 8 Gen1 5G, SD 8cx Gen2, SD 8cx Gen3, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM7315, SM7325P, SXR2150P, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33253

CVE ID CVE-2022-33253
Title Buffer over-read in WLAN
Description Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* AQT1000, AR8035, AR9380, CSR8811, CSRB31024, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, PMP8074, QAM8295P, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 8 Gen1 5G, SD 8cx Gen2, SD 8cx Gen3, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM7315, SM7325P, SXR2150P, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33266

CVE ID CVE-2022-33266
Title Integer overflow to buffer overflow in Audio
Description Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content.
Technology Area Audio
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating Medium
CVSS Score 5.9
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8996AU, QAM8295P, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCC5100, QCN9074, QCS405, QCS410, QCS605, QCS610, QRB5165, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD205, SD210, SD429, SD625, SD626, SD660, SD835, SD845, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDW2500, SDX20, SDX20M, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SW5100, SW5100P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33274

CVE ID CVE-2022-33274
Title Improper validation of array index in Android Core
Description Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication.
Technology Area Android Core
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* QAM8295P, QCA6574AU, QCA6696, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P

CVE-2022-33276

CVE ID CVE-2022-33276
Title Buffer copy without checking size of input in Modem
Description Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command.
Technology Area WLAN Firmware
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* AR8035, AR9380, CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, PMP8074, QAM8295P, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA8295P, SD 8 Gen1 5G, SD 8cx Gen3, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55M, SDX65, SDXR2 5G, SM7315, SM7325P, SXR2150P, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33283

CVE ID CVE-2022-33283
Title Buffer over-read in WLAN
Description Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check.
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* AR8035, AR9380, CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, PMP8074, QAM8295P, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA8295P, SD 8 Gen1 5G, SD 8cx Gen3, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55M, SDX65, SDXR2 5G, SM7315, SM7325P, SXR2150P, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33284

CVE ID CVE-2022-33284
Title Buffer over-read in WLAN
Description Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* AQT1000, AR8035, AR9380, CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, PMP8074, QAM8295P, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9886, QCA9888, QCA9889, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC5100, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA8295P, SC8180X+SDX55, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD662, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX50M, SDX55, SDX55M, SDX65, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33285

CVE ID CVE-2022-33285
Title Buffer over-read in WLAN
Description Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* APQ8009, APQ8017, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, MDM8215, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9628, MDM9640, MDM9645, MDM9650, MSM8976, MSM8996AU, PMP8074, QAM8295P, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA4531, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9379, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33286

CVE ID CVE-2022-33286
Title Buffer over-read in WLAN
Description Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* APQ8009, APQ8017, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, IPQ9574, MDM8215, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9628, MDM9640, MDM9645, MDM9650, MSM8976, MSM8996AU, PMP8074, QAM8295P, QCA0000, QCA1023, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9379, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33290

CVE ID CVE-2022-33290
Title Null pointer dereference in Bluetooth HOST
Description Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.
Technology Area Automotive Connectivity
Vulnerability Type CWE-476 NULL Pointer Dereference
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* APQ8017, APQ8096AU, AR8031, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QAM8295P, QCA6174A, QCA6175A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA9367, QCA9377, QCN9074, QCS405, SA415M, SA515M, SA8295P, SD626, SDX20, SDX20M, SDX55, WCD9326, WCD9335, WCD9360, WCN3660B, WCN3680B, WCN3980, WCN3998, WSA8815

CVE-2022-33299

CVE ID CVE-2022-33299
Title Null pointer dereference in Bluetooth HOST
Description Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.
Technology Area Automotive Connectivity
Vulnerability Type CWE-476 NULL Pointer Dereference
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* APQ8017, APQ8096AU, AR8031, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6175A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA9367, QCA9377, QCN9074, QCS405, SA415M, SA515M, SD626, SDX20, SDX20M, SDX55, WCD9326, WCD9335, WCD9360, WCN3660B, WCN3680B, WCN3980, WCN3998, WSA8815

CVE-2022-33300

CVE ID CVE-2022-33300
Title Improper input validation in Automotive Android OS
Description Memory corruption in Automotive Android OS due to improper input validation.
Technology Area Automotive Android OS
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2022/10/03
Affected Chipsets* QAM8295P, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574AU, QCA6595AU, QCA6696, QCA9377, QCC5100, QCN9011, QCN9012, QRB5165, QRB5165M, QRB5165N, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD660, SD865 5G, SD870, SD888 5G, SDX12, SDX55M, SDXR2 5G, SW5100, SW5100P, WCD9335, WCD9341, WCD9380, WCD9385, WCN3980, WCN3988, WCN3990, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-40516

CVE ID CVE-2022-40516
Title Stack-based buffer overflow in Core
Description Memory corruption in Core due to stack-based buffer overflow.
Technology Area Boot
Vulnerability Type CWE-121 Stack-based Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 2022/10/28
Customer Notified Date 2022/11/11
Affected Chipsets* AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ9008, IPQ9574, MDM9150, MDM9205, QAM8295P, QCA4004, QCA4024, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9377, QCA9984, QCC5100, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN7606, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCS8155, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P, SC8180X+SDX55, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD660, SD662, SD670, SD675, SD678, SD680, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-40517

CVE ID CVE-2022-40517
Title Stack based buffer overflow in Core
Description Memory corruption in core due to stack-based buffer overflow
Technology Area Boot
Vulnerability Type CWE-121 Stack-based Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 2022/10/28
Customer Notified Date 2022/11/11
Affected Chipsets* AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ9008, IPQ9574, MDM9150, MDM9205, QAM8295P, QCA4004, QCA4024, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9377, QCA9984, QCC5100, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN7606, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCS8155, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P, SC8180X+SDX55, SD 675, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD660, SD662, SD670, SD675, SD678, SD680, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-40520

CVE ID CVE-2022-40520
Title Stack based buffer overflow in Core
Description Memory corruption due to stack-based buffer overflow in Core
Technology Area Connectivity
Vulnerability Type CWE-121 Stack-based Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 2022/10/28
Customer Notified Date 2022/11/11
Affected Chipsets* APQ8064AU, APQ8096AU, AQT1000, AR8035, CSRB31024, FSM10056, MDM9150, MDM9205, MDM9640, MDM9650, MSM8996AU, QAM8295P, QCA4004, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCS410, QCS603, QCS605, QCS610, QCS6490, QCS8155, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD660, SD670, SD675, SD678, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SXR2150P, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-40518

CVE ID CVE-2022-40518
Title Buffer overread in Core
Description Information disclosure due to buffer overread in Core
Technology Area Boot
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported 2022/10/28
Customer Notified Date 2022/11/11
Affected Chipsets* AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10056, MDM9150, MDM9205, QAM8295P, QCA4004, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN6024, QCN7606, QCN9011, QCN9012, QCN9024, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCS8155, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P, SC8180X+SDX55, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SXR2150P, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-40519

CVE ID CVE-2022-40519
Title Buffer over-read in Core
Description Information disclosure due to buffer overread in Core
Technology Area Boot
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported 2022/10/28
Customer Notified Date 2022/11/11
Affected Chipsets* AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ9008, IPQ9574, MDM9150, MDM9205, QAM8295P, QCA4004, QCA4024, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9377, QCA9984, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN7606, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCS8155, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2022-22088 Critical Critical Bluetooth HOST Internal
CVE-2022-33255 High High Bluetooth HOST 06/02/2022

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2022-22079 Medium Medium Boot 09/07/2020
CVE-2022-25715 Medium Medium Display 03/07/2022
CVE-2022-25716 Medium Medium Multimedia Frameworks 12/07/2021
CVE-2022-25717 Medium Medium Display 03/19/2022
CVE-2022-25721 Medium Medium Video 03/19/2022
CVE-2022-25722 Medium Medium DSP Service 03/06/2022

CVE-2022-22088

CVE ID CVE-2022-22088
Title Integer Overflow to Buffer Overflow in Bluetooth HOST
Description Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
Technology Area Bluetooth HOST
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.8
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2022/05/02
Affected Chipsets* APQ8009, APQ8009W, APQ8052, APQ8056, APQ8076, APQ8096AU, AQT1000, AR8031, CSRA6620, CSRA6640, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN7606, QCN9011, QCN9012, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD205, SD210, SD429, SD460, SD480, SD625, SD626, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDW2500, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2022-33255

CVE ID CVE-2022-33255
Title Buffer over-read in Bluetooth HOST
Description Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device.
Technology Area Bluetooth HOST
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported 2022/06/02
Customer Notified Date 2022/10/03
Affected Chipsets* APQ8009, AR8031, CSRA6620, CSRA6640, MSM8108, MSM8208, MSM8209, MSM8608, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCC5100, QCM6125, QCN9011, QCN9012, QCN9074, QCS405, QCS410, QCS605, QCS610, QCS6125, QRB5165, QRB5165M, QRB5165N, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 8 Gen1 5G, SD205, SD210, SD429, SD439, SD625, SD626, SD660, SD835, SD845, SD865 5G, SD870, SDM429W, SDX55M, SDXR1, SDXR2 5G, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2022-22079

CVE ID CVE-2022-22079
Title Buffer Over-read in BOOT
Description Denial of service while processing fastboot flash command on mmc due to buffer over read
Technology Area Boot
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 4.6
CVSS String CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported 2020/09/07
Customer Notified Date 2022/07/04
Affected Chipsets* APQ8009, APQ8009W, APQ8064AU, APQ8096AU, MDM9150, MDM9250, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8996AU, QCA4020, QCA6174A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA9377, QCA9379, Qualcomm215, SD210, SD429, SD625, SD626, SD835, SDA429W, SDM429W, SDW2500, SDX20, SDX20M, WCD9326, WCD9335, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3980, WCN3990, WSA8815
Patch**

CVE-2022-25715

CVE ID CVE-2022-25715
Title Incorrect type casting in Display driver
Description Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields
Technology Area Display
Vulnerability Type CWE-704 Incorrect Type Conversion or Cast
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 2022/03/07
Customer Notified Date 2022/07/04
Affected Chipsets* AQT1000, MDM9150, QCA6391, QCA6420, QCA6430, QCA8337, QCN9074, QCS410, QCS610, QCS8155, Qualcomm215, SA515M, SA8155P, SD205, SD210, SD429, SD855, SDA429W, SDM429W, SDX55, WCD9340, WCD9341, WCD9370, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3998, WSA8810, WSA8815
Patch**

CVE-2022-25716

CVE ID CVE-2022-25716
Title Time-of-check Time-of-use Race Condition in Multimedia Framework
Description Memory corruption in Multimedia Framework due to unsafe access to the data members
Technology Area Multimedia Frameworks
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 2021/12/07
Customer Notified Date 2022/07/04
Affected Chipsets* SD888 5G, WCD9380, WCD9385, WCN6850, WCN6851, WSA8830, WSA8835
Patch**

CVE-2022-25717

CVE ID CVE-2022-25717
Title Use-After-Free Issue in Display
Description Memory corruption in display due to double free while allocating frame buffer memory
Technology Area Display
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 2022/03/19
Customer Notified Date 2022/07/04
Affected Chipsets* APQ8096AU, AQT1000, MDM9150, MDM9250, MDM9650, MSM8996AU, QCA6391, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA8337, QCN9074, QCS410, QCS610, QCS8155, Qualcomm215, SA515M, SA8155P, SD205, SD210, SD429, SD835, SD855, SDA429W, SDM429W, SDX55, SDXR1, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3990, WCN3998, WSA8810, WSA8815
Patch**

CVE-2022-25721

CVE ID CVE-2022-25721
Title Incorrect Type Conversion in Video driver
Description Memory corruption in video driver due to type confusion error during video playback
Technology Area Video
Vulnerability Type CWE-704 Incorrect Type Conversion or Cast
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 2022/03/19
Customer Notified Date 2022/07/04
Affected Chipsets* AQT1000, MDM9150, QCA6391, QCA6420, QCA6430, QCA6564, QCA6564AU, QCA6574A, QCA6574AU, QCA6696, QCA8337, QCN9074, QCS410, QCS610, QCS8155, Qualcomm215, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD205, SD210, SD429, SD855, SDA429W, SDM429W, SDX55, SDXR1, WCD9326, WCD9340, WCD9341, WCD9370, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3990, WCN3998, WSA8810, WSA8815
Patch**

CVE-2022-25722

CVE ID CVE-2022-25722
Title Information Exposure in DSP Services
Description Information exposure in DSP services due to improper handling of freeing memory
Technology Area DSP Service
Vulnerability Type CWE-200 Information Exposure
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.0
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Date Reported 2022/03/06
Customer Notified Date 2022/07/04
Affected Chipsets* APQ8096AU, AR9380, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9650, QCA4024, QCA6310, QCA6320, QCA6574AU, QCA7500, QCA8075, QCA8081, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9990, QCA9992, QCA9994, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, Qualcomm215, SD205, SD210, SD835, WCD9335, WCD9340, WCD9341, WCN3610, WCN3990, WSA8810, WSA8815
Patch**

* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

** Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

Qualcomm Technologies, Inc.

San Diego, CA 92121

U.S.A.

© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.