November 2022 Security Bulletin
Updated On: 01/05/2023
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2022-25667 | Xuewei Feng, Ke Xu, & Qi Li (Tsinghua University), Kun Sun (George Mason University), and Yuxiang Yang (Tsinghua University) |
| CVE-2022-25743,CVE-2022-25676 | Le Wu of Baidu Security |
| CVE-2022-25674 | Follow-up KRACK paper. Pentest performed by T-Systems, who reported it to Bosch, who reported it to us. |
| CVE-2022-25679 | Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin. |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table lists high impact security vulnerabilities. Patches have been released for affected products.OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-25727 | Critical | Critical | Data Network Stack & Connectivity | Internal |
| CVE-2022-25667 | High | High | Network Sub-system Firmware | 12/13/2021 |
| CVE-2022-25671 | High | High | Modem | Internal |
| CVE-2022-25710 | High | High | Automotive Connectivity | Internal |
| CVE-2022-25742 | High | High | Network Service | Internal |
| CVE-2022-33234 | High | High | Video | Internal |
| CVE-2022-33236 | High | High | WLAN Firmware | Internal |
| CVE-2022-33237 | High | High | WLAN Firmware | Internal |
| CVE-2022-33239 | High | High | WLAN Firmware | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-25674 | Medium | Medium | Network Service | 11/27/2019 |
| CVE-2022-25676 | Medium | Medium | Video | 07/15/2021 |
| CVE-2022-25679 | Medium | Medium | Video | 01/19/2022 |
CVE-2022-25727
| CVE ID | CVE-2022-25727 |
| Title | Use of Out-of-range Pointer Offset in MODEM |
| Description | Memory Corruption in modem due to improper length check while copying into memory |
| Technology Area | Data Network Stack & Connectivity |
| Vulnerability Type | CWE-823 Use of Out-of-range Pointer Offset |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4010, QCA4020, QCA4024, QCS405, WCD9306, WCD9330, WCD9335, WCN3980, WCN3998, WCN3999, WSA8810, WSA8815 |
CVE-2022-25667
| CVE ID | CVE-2022-25667 |
| Title | Information Disclosure in Kernel |
| Description | Information disclosure in kernel due to improper handling of ICMP requests |
| Technology Area | Network Sub-system Firmware |
| Vulnerability Type | CWE-287 Improper Authentication |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Date Reported | 2021/12/13 |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR9380, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, QCA4024, QCA7500, QCA8072, QCA8075, QCA8081, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100 |
CVE-2022-25671
| CVE ID | CVE-2022-25671 |
| Title | Reachable Assertion in MODEM |
| Description | Denial of service in MODEM due to reachable assertion |
| Technology Area | Modem |
| Vulnerability Type | CWE-617 Reachable Assertion |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | AR8035, QCA8081, QCA8337, QCN6024, QCN9024, SD 8 Gen1 5G, SDX65, WCD9380, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8835 |
CVE-2022-25710
| CVE ID | CVE-2022-25710 |
| Title | Dereferencing a pointer that is already freed |
| Description | Denial of service due to null pointer dereference when GATT is disconnected |
| Technology Area | Automotive Connectivity |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/06/06 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8096AU, AR8031, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QAM8295P, QCA4020, QCA6174A, QCA6175A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA9367, QCA9377, QCA9379, QCS405, SA4150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD626, SDX20, SDX20M, SDX55, WCD9326, WCD9335, WCD9360, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3980, WCN3998, WCN3999, WSA8810, WSA8815 |
CVE-2022-25742
| CVE ID | CVE-2022-25742 |
| Title | Loop with Unreachable Exit Condition in MODEM |
| Description | Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server |
| Technology Area | Network Service |
| Vulnerability Type | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM8207, MDM9205, MDM9206, MDM9207, MDM9607, QCA4004, QCA4010, QCA4020, QCA4024, QCS405, WCD9306, WCD9330, WCD9335, WCN3980, WCN3998, WCN3999, WSA8810, WSA8815 |
CVE-2022-33234
| CVE ID | CVE-2022-33234 |
| Title | Configuration weakness in video |
| Description | Memory corruption in video due to configuration weakness. |
| Technology Area | Video |
| Vulnerability Type | CWE-16 Configuration |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.3 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AQT1000, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6125, QCM6490, QCN7606, QCS2290, QCS410, QCS4290, QCS605, QCS610, QCS6125, QCS6490, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD429, SD460, SD480, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SXR2150P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-33236
| CVE ID | CVE-2022-33236 |
| Title | Buffer over-read in WLAN |
| Description | Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AR8035, CSR8811, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, QCA4024, QCA6390, QCA6391, QCA6426, QCA6436, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9888, QCA9889, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9001, QCN9002, QCN9003, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, SD 8 Gen1 5G, SD865 5G, SD870, SDX65, WCD9380, WCN6740, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-33237
| CVE ID | CVE-2022-33237 |
| Title | Buffer over-read in WLAN |
| Description | Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, MDM9206, MDM9607, MDM9628, PMP8074, QAM8295P, QCA0000, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX20M, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-33239
| CVE ID | CVE-2022-33239 |
| Title | Loop with unreachable exit condition in WLAN |
| Description | Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. |
| Technology Area | WLAN Firmware |
| Vulnerability Type | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | APQ8009, APQ8017, APQ8096AU, AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, MDM8215, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9628, MDM9640, MDM9645, MDM9650, MSM8996AU, PMP8074, QAM8295P, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA4531, QCA6174, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9379, QCA9888, QCA9889, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX12, SDX20M, SDX50M, SDX55, SDX55M, SDX65, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-25674
| CVE ID | CVE-2022-25674 |
| Title | Cryptographic Issues in WLAN |
| Description | Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol |
| Technology Area | Network Service |
| Vulnerability Type | CWE-310 Cryptographic Issues |
| Access Vector | Remote |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Date Reported | 2019/11/27 |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | AR8031, CSRA6620, CSRA6640, MDM9205, QCA4004, QCA4010, QCA4020, QCA4024, QCS405, WCD9306, WCD9335, WCN3980, WCN3998, WCN3999, WSA8810, WSA8815 |
CVE-2022-25676
| CVE ID | CVE-2022-25676 |
| Title | Buffer Over-read in Video |
| Description | Information disclosure in video due to buffer over-read while parsing avi files |
| Technology Area | Video |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| Date Reported | 2021/07/15 |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | AQT1000, QAM8295P, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN7606, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD 675, SD 8 Gen1 5G, SD439, SD460, SD480, SD625, SD626, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM4375, SM6250, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2022-25679
| CVE ID | CVE-2022-25679 |
| Title | Improper Access Control in Video |
| Description | Denial of service in video due to improper access control in broadcast receivers |
| Technology Area | Video |
| Vulnerability Type | CWE-284 Improper Access Control |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 6.2 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | 2022/01/19 |
| Customer Notified Date | 2022/05/02 |
| Affected Chipsets* | AQT1000, QCA6390, QCA6391, QCA6420, QCA6430, QCM2290, QCM4290, QCM6490, QCN7606, QCS2290, QCS4290, QCS6490, SD 675, SD 8 Gen1 5G, SD460, SD480, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55M, SM4375, SM6250, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2022-25724 | High | High | Graphics | Internal |
| CVE-2022-25741 | High | High | WLAN HOST | Internal |
| CVE-2022-25743 | High | High | Graphics | 03/08/2022 |
CVE-2022-25724
| CVE ID | CVE-2022-25724 |
| Title | Buffer Copy Without Checking Size of Input in Graphics |
| Description | Memory corruption in graphics due to buffer overflow while validating the user address |
| Technology Area | Graphics |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/07/04 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8052, APQ8056, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QAM8295P, QCA4020, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCS2290, QCS405, QCS410, QCS4290, QCS605, QCS610, QCS6125, QCS6490, QCS8155, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, Qualcomm215, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 636, SD 675, SD 8 Gen1 5G, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD625, SD626, SD632, SD660, SD662, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
CVE-2022-25741
| CVE ID | CVE-2022-25741 |
| Title | NULL Pointer Dereference in WLAN |
| Description | Denial of service in WLAN due to potential null pointer dereference while accessing the memory location |
| Technology Area | WLAN HOST |
| Vulnerability Type | CWE-476 NULL Pointer Dereference |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | AQT1000, AR8035, CSRA6620, CSRA6640, CSRB31024, QAM8295P, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCC5100, QCM2290, QCM4290, QCM6490, QCN6024, QCN9024, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6490, QRB5165, QRB5165M, QRB5165N, SA4150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD460, SD660, SD662, SD675, SD678, SD680, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
CVE-2022-25743
| CVE ID | CVE-2022-25743 |
| Title | Use-After-Free in Graphics |
| Description | Memory corruption in graphics due to use-after-free while importing graphics buffer |
| Technology Area | Graphics |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2022/03/08 |
| Customer Notified Date | 2022/08/01 |
| Affected Chipsets* | APQ8009, APQ8009W, APQ8017, APQ8052, APQ8056, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QAM8295P, QCA4020, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN6024, QCN9024, QCS2290, QCS405, QCS410, QCS4290, QCS605, QCS610, QCS6125, QCS6490, QCS8155, QSM8250, Qualcomm215, SA4150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 636, SD 675, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD625, SD626, SD632, SD660, SD662, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
Qualcomm Technologies, Inc.
San Diego, CA 92121
U.S.A.
© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- CVE-2022-25727
- CVE-2022-25667
- CVE-2022-25671
- CVE-2022-25710
- CVE-2022-25742
- CVE-2022-33234
- CVE-2022-33236
- CVE-2022-33237
- CVE-2022-33239
- CVE-2022-25674
- CVE-2022-25676
- CVE-2022-25679
- Open Source Software Issues
- CVE-2022-25724
- CVE-2022-25741
- CVE-2022-25743
- Industry Coordination
