July 2022 Security Bulletin
Updated On: 08/01/2022
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2022-22096 | Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab |
| CVE-2021-35132 | Arash Tohidi (h4ul4) |
| CVE-2022-22058 | Le Wu(吴乐) of Baidu Security |
| CVE-2022-25657,CVE-2022-25658,CVE-2022-25659 | Le Wu of Baidu Security |
| CVE-2021-35133 | Jun Yao (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table lists high impact security vulnerabilities. Patches have been released for affected products.OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2021-35122 | Critical | Critical | Core | Internal |
| CVE-2022-22100 | Critical | High | Multimedia | Internal |
| CVE-2022-22104 | Critical | High | Multimedia | Internal |
| CVE-2021-35132 | High | High | DSP Service | 10/20/2021 |
| CVE-2021-35135 | High | Medium | HLOS | Internal |
| CVE-2022-22098 | High | High | Multimedia | Internal |
| CVE-2022-22101 | High | Medium | Multimedia | Internal |
| CVE-2022-22102 | High | High | Multimedia | Internal |
| CVE-2022-25657 | High | High | Video | 07/19/2021 |
| CVE-2022-25658 | High | High | Video | 07/20/2021 |
| CVE-2022-25659 | High | High | Video | 08/15/2021 |
CVE-2021-35122
| CVE ID | CVE-2021-35122 |
| Title | Improper Input Validation in Core |
| Description | Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation |
| Technology Area | Core |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.3 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | AQT1000, AR8035, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM2290, QCM4290, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA515M, SA8540P, SA9000P, SD 675, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD429, SD460, SD480, SD662, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDX50M, SDX55, SDX55M, SDX65, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-22100
| CVE ID | CVE-2022-22100 |
| Title | Improper Restriction of Operations within the Bounds of a Memory Buffer in Automotive Multimedia |
| Description | Memory corruption in multimedia due to improper check on received export descriptors |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | APQ8096AU, QAM8295P, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6696, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P |
CVE-2022-22104
| CVE ID | CVE-2022-22104 |
| Title | Use of Out-of-range Pointer Offset in Automotive Multimedia |
| Description | Memory corruption in multimedia due to improper check on the messages received. |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-823 Use of Out-of-range Pointer Offset |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | APQ8096AU, MSM8996AU, QAM8295P, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6696, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P |
CVE-2021-35132
| CVE ID | CVE-2021-35132 |
| Title | Use of Out-of-range Pointer Offset in DSP Service |
| Description | Out of bound write in DSP service due to improper bound check for response buffer size |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-823 Use of Out-of-range Pointer Offset |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2021/10/20 |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | AQT1000, AR8035, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM2290, QCM4290, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA515M, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SA8540P, SA9000P, SD 675, SD 8cx Gen2, SD 8cx Gen3, SD429, SD460, SD480, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDX50M, SDX55, SDX55M, SDX65, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-35135
| CVE ID | CVE-2021-35135 |
| Title | NULL Pointer Dereference in QTEE |
| Description | A null pointer dereference may potentially occur during RSA key import |
| Technology Area | HLOS |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.2 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | APQ8017, APQ8037, APQ8053, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM8937, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9379, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, Qualcomm215, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SA8540P, SA9000P, SC8180X+SDX55, SD 636, SD 675, SD 8cx Gen2, SD 8cx Gen3, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDM630, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-22098
| CVE ID | CVE-2022-22098 |
| Title | Untrusted Pointer Dereference in Automotive Multimedia |
| Description | Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-822 Untrusted Pointer Dereference |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | APQ8096AU |
CVE-2022-22101
| CVE ID | CVE-2022-22101 |
| Title | Uncontrolled Resource Consumption in Automotive Multimedia |
| Description | Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.2 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | APQ8096AU, QAM8295P, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6696, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P |
CVE-2022-22102
| CVE ID | CVE-2022-22102 |
| Title | Incorrect Type Conversion or Cast in Automotive Multimedia |
| Description | Memory corruption in multimedia due to incorrect type conversion while adding data |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-704 Incorrect Type Conversion or Cast |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | QCA6574AU, QCA6696, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P |
CVE-2022-25657
| CVE ID | CVE-2022-25657 |
| Title | Buffer Copy Without Checking Size of Input in Video |
| Description | Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header |
| Technology Area | Video |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.3 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Date Reported | 2021/07/19 |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS6490, Qualcomm215, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD439, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25658
| CVE ID | CVE-2022-25658 |
| Title | Untrusted Pointer Dereference in Video |
| Description | Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function |
| Technology Area | Video |
| Vulnerability Type | CWE-822 Untrusted Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.3 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Date Reported | 2021/07/20 |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR8031, CSRA6620, CSRA6640, MDM9206, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, Qualcomm215, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD439, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDM630, SDW2500, SDX20, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
CVE-2022-25659
| CVE ID | CVE-2022-25659 |
| Title | Buffer Copy Without Checking Size of Input in Video |
| Description | Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size |
| Technology Area | Video |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.3 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Date Reported | 2021/08/15 |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR8031, CSRA6620, CSRA6640, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9650, MSM8909W, MSM8917, MSM8937, MSM8953, MSM8996AU, PM8937, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, Qualcomm215, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD820, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDM630, SDW2500, SDX20, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-22096 | Critical | Critical | Bluetooth HOST | 01/05/2022 |
| CVE-2022-22058 | High | High | Kernel | 10/31/2021 |
| CVE-2022-22097 | High | High | Multimedia | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2021-35133 | Medium | Medium | Multimedia Frameworks | 08/03/2021 |
CVE-2022-22096
| CVE ID | CVE-2022-22096 |
| Title | Stack-based Buffer Overflow in Bluetooth HOST |
| Description | Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter |
| Technology Area | Bluetooth HOST |
| Vulnerability Type | CWE-121 Stack-based Buffer Overflow |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2022/01/05 |
| Customer Notified Date | 2022/03/07 |
| Affected Chipsets* | AQT1000, QCA6390, QCA6391, SD 675, SD 8 Gen1 5G, SD460, SD480, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55M, SM6250, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835 |
| Patch** |
CVE-2022-22058
| CVE ID | CVE-2022-22058 |
| Title | Possible Use-After-Free in Kernel |
| Description | Memory corruption due to use after free issue in kernel while processing ION handles |
| Technology Area | Kernel |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2021/10/31 |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8937, MSM8953, MSM8996AU, PM8937, QCA4020, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA9367, QCA9377, QCA9379, QCN7605, QCN7606, QCS603, QCS605, Qualcomm215, SA415M, SD429, SD439, SD450, SD632, SD660, SD670, SD710, SD820, SD835, SD845, SD855, SDM429W, SDW2500, SDX20, SDX24, SDXR1, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3980, WCN3990, WCN3998, WSA8810, WSA8815 |
| Patch** |
CVE-2022-22097
| CVE ID | CVE-2022-22097 |
| Title | Use-after-free in Automotive Multimedia |
| Description | Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. |
| Technology Area | Multimedia |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/04/04 |
| Affected Chipsets* | QCS410, QCS610, WCD9341, WCD9370, WCN3950, WCN3980, WSA8810, WSA8815 |
| Patch** |
CVE-2021-35133
| CVE ID | CVE-2021-35133 |
| Title | Use After Free in Automotive OS |
| Description | Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls |
| Technology Area | Multimedia Frameworks |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.7 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2021/08/03 |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | AR8035, QCA6174A, QCA6391, QCA8081, QCA8337, QCA9377, QCM6490, QCS6490, SD 8 Gen1 5G, SD480, SD780G, SD888 5G, SDX12, SDX65, SM7450, SM8475, SM8475P, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8832, WSA8835 |
| Patch** |
* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
Qualcomm Technologies, Inc.
San Diego, CA 92121
U.S.A.
© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- CVE-2021-35122
- CVE-2022-22100
- CVE-2022-22104
- CVE-2021-35132
- CVE-2021-35135
- CVE-2022-22098
- CVE-2022-22101
- CVE-2022-22102
- CVE-2022-25657
- CVE-2022-25658
- CVE-2022-25659
- Open Source Software Issues
- CVE-2022-22096
- CVE-2022-22058
- CVE-2022-22097
- CVE-2021-35133
- Industry Coordination
