Navigator

2026 Security Bulletins

2025 Security Bulletins

2024 Security Bulletins

2023 Security Bulletins

2022 Security Bulletins

December

November

October

September

August

July

June

May

April

March

February

January

2021 Security Bulletins

2020 Security Bulletins

2019 Security Bulletins

2018 Security Bulletins

Legal notice

October 2022 Security Bulletin

Updated On: 01/05/2023

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.

Please reach out to [email protected] for any questions related to this bulletin.

Announcements

Acknowledgements

Proprietary Software Issues

Open Source Software Issues

Industry Coordination

Announcements

None

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2022-25660,CVE-2022-25661,CVE-2022-25665	Pengfei Ding(丁鹏飞)
CVE-2022-33214	lovepink
CVE-2022-33217	chen gengjia
CVE-2022-22078	Gengjia Chen ( @chengjia4574 ) from IceSword Lab
CVE-2022-25662	Le Wu of Baidu Security
CVE-2022-25663	Gengjia Chen ( @chengjia4574 ) from IceSword LabGengjia Chen ( @chengjia4574 ) from IceSword Lab
CVE-2022-25664	Man Yue Mo of GitHub Security Lab
CVE-2022-25666	Seonung Jang(@IFdLRx4At1WFm74)

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities. Patches have been released for affected products.OEMs have been notified and strongly recommended to release patches on end devices.

Public ID	Security Rating	CVSS Rating	Technology Area	Date Reported
CVE-2022-25718	Critical	Critical	Network Service	Internal
CVE-2022-25748	Critical	Critical	WLAN Firmware	Internal
CVE-2022-25660	High	High	KERNEL	12/01/2021
CVE-2022-25661	High	High	KERNEL	12/07/2021
CVE-2022-25687	High	High	Video	Internal
CVE-2022-25719	High	High	Network Service	Internal
CVE-2022-25736	High	High	WLAN Firmware	Internal
CVE-2022-25749	High	High	WLAN Firmware	Internal
CVE-2022-33210	High	High	Multimedia	Internal

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID	Security Rating	CVSS Rating	Technology Area	Date Reported
CVE-2022-25662	Medium	Medium	Video	07/14/2021
CVE-2022-25663	Medium	Medium	WLAN Windows Host	07/20/2021
CVE-2022-25665	Medium	Medium	KERNEL	12/07/2021

CVE-2022-25718

CVE ID	CVE-2022-25718
Title	Cryptographic Issue in WLAN
Description	Cryptographic issue in WLAN due to improper check on return value while authentication handshake
Technology Area	Network Service
Vulnerability Type	CWE-310 Cryptographic Issues
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.1
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	APQ8009, APQ8009W, APQ8016, APQ8017, APQ8037, APQ8052, APQ8053, APQ8056, APQ8064AU, APQ8076, APQ8092, APQ8094, APQ8096AU, AR8031, CSRA6620, CSRA6640, CSRB31024, MDM8215, MDM9205, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9628, MDM9640, MDM9645, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8992, MSM8994, MSM8996AU, PM8937, QCA0000, QCA1023, QCA1990, QCA4004, QCA4010, QCA4020, QCA4024, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA9367, QCA9369, QCA9377, QCA9379, QCC5100, QCS405, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 455, SD 636, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD820, SD821, SD835, SD845, SDA429W, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX55, SW5100, SW5100P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25748

CVE ID	CVE-2022-25748
Title	Integer Overflow to Buffer Overflow in WLAN
Description	Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames.
Technology Area	WLAN Firmware
Vulnerability Type	CWE-680 Integer Overflow to Buffer Overflow
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.8
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	APQ8009, APQ8017, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, MDM8215, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9628, MDM9640, MDM9645, MDM9650, MSM8976, MSM8996AU, PMP8074, QAM8295P, QCA1023, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA4531, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9377, QCA9379, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25660

CVE ID	CVE-2022-25660
Title	Double Free in Kernel
Description	Memory corruption due to double free issue in kernel
Technology Area	KERNEL
Vulnerability Type	CWE-415 Double Free
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	7.8
CVSS String	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported	2021/12/01
Customer Notified Date	2022/04/04
Affected Chipsets*	AQT1000, AR8035, QAM8295P, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM6490, QCS603, QCS605, QCS6490, QSM8350, SA6145P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8295P, SA8540P, SA9000P, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD670, SD675, SD678, SD765, SD765G, SD768G, SD778G, SD780G, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX57M, SDX65, SDXR2 5G, SM7250P, SM7315, SM7325P, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25661

CVE ID	CVE-2022-25661
Title	Untrusted Pointer Dereference in Kernel
Description	Memory corruption due to untrusted pointer dereference in kernel
Technology Area	KERNEL
Vulnerability Type	CWE-822 Untrusted Pointer Dereference
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	2021/12/07
Customer Notified Date	2022/04/04
Affected Chipsets*	AQT1000, AR8035, QAM8295P, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM6490, QCN9011, QCN9012, QCS603, QCS605, QCS6490, QRB5165, QRB5165M, QRB5165N, QSM8350, SA6145P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8295P, SA8540P, SA9000P, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD670, SD675, SD678, SD765, SD765G, SD768G, SD778G, SD780G, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX57M, SDX65, SDXR2 5G, SM7250P, SM7315, SM7325P, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25687

CVE ID	CVE-2022-25687
Title	Buffer Copy Without Checking Size of Input in Video
Description	memory corruption in video due to buffer overflow while parsing asf clips
Technology Area	Video
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.3
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8052, APQ8053, APQ8056, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, CSRA6620, CSRA6640, FSM10056, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QAM8295P, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA9367, QCA9377, QCA9379, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS605, QCS610, QCS6125, QCS6490, Qualcomm215, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 636, SD 675, SD 8 Gen1 5G, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25719

CVE ID	CVE-2022-25719
Title	Buffer Over-read in WLAN
Description	Information disclosure in WLAN due to improper length check while processing authentication handshake
Technology Area	Network Service
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	8.2
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	APQ8009, APQ8009W, APQ8016, APQ8017, APQ8037, APQ8052, APQ8053, APQ8056, APQ8076, APQ8084, AR8031, CSR8811, CSRA6620, CSRA6640, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9205, MDM9225, MDM9225M, MDM9230, MDM9235M, MDM9330, MDM9625, MDM9625M, MDM9630, MDM9635M, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, PM8937, QCA1990, QCA4004, QCA4010, QCA4020, QCA4024, QCA6164, QCA6174, QCA6174A, QCA8075, QCA8081, QCA9377, QCA9379, QCA9888, QCA9889, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS405, QET4101, QSW8573, Qualcomm215, SD205, SD210, SD429, SD439, SD450, SD632, SDA429W, SDM429W, SDW2500, WCD9306, WCD9326, WCD9335, WCD9340, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3980, WCN3998, WCN3999, WSA8810, WSA8815

CVE-2022-25736

CVE ID	CVE-2022-25736
Title	Buffer Over-read in WLAN
Description	Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame
Technology Area	WLAN Firmware
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, MDM8215, MDM9215, MDM9310, MDM9607, MDM9615, MDM9628, PMP8074, QAM8295P, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9377, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25749

CVE ID	CVE-2022-25749
Title	Buffer Over-read in WLAN
Description	Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames.
Technology Area	WLAN Firmware
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	APQ8009, APQ8017, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, IPQ9008, MDM8215, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9628, MDM9640, MDM9645, MDM9650, MSM8976, MSM8996AU, PMP8074, QAM8295P, QCA0000, QCA1023, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA4531, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8082, QCA8084, QCA8085, QCA8337, QCA8386, QCA9367, QCA9369, QCA9377, QCA9379, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9001, QCN9002, QCN9003, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCN9274, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSM8350, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SM4375, SM6250, SM6250P, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-33210

CVE ID	CVE-2022-33210
Title	Use of Out-of-range Pointer Offset in Automotive Multimedia
Description	Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value.
Technology Area	Multimedia
Vulnerability Type	CWE-823 Use of Out-of-range Pointer Offset
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	APQ8064AU, APQ8096AU, MSM8996AU, QAM8295P, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SA8540P, SA9000P

CVE-2022-25662

CVE ID	CVE-2022-25662
Title	Untrusted Pointer Dereference in Video
Description	Information disclosure due to untrusted pointer dereference in kernel
Technology Area	Video
Vulnerability Type	CWE-822 Untrusted Pointer Dereference
Access Vector	Remote
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	5.3
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Date Reported	2021/07/14
Customer Notified Date	2022/04/04
Affected Chipsets*	APQ8096AU, MSM8996AU, QAM8295P, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCC5100, QCS410, QCS610, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD429, SD710, SD778G, SD780G, SD835, SD845, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDX55M, SDXR1, SDXR2 5G, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25663

CVE ID	CVE-2022-25663
Title	Buffer Over-read in WLAN
Description	Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service
Technology Area	WLAN Windows Host
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Local
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	5.5
CVSS String	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Date Reported	2021/07/20
Customer Notified Date	2022/04/04
Affected Chipsets*	AQT1000, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA6390, QCA6391, QCA6420, QCA6430, SD 8cx Gen2, SD 8cx Gen3, SD778G, SD7c, SD850, SM6250, WCD9340, WCD9341, WCD9380, WCD9385, WCN3990, WCN3991, WCN3998, WCN6750, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2022-25665

CVE ID	CVE-2022-25665
Title	Buffer Over-read in Kernel
Description	Information disclosure due to buffer over read in kernel
Technology Area	KERNEL
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Local
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	6.8
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported	2021/12/07
Customer Notified Date	2022/04/04
Affected Chipsets*	AQT1000, AR8035, QAM8295P, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCS603, QCS605, QSM8350, SA6145P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8295P, SA8540P, SA9000P, SD 675, SD 8 Gen1 5G, SD 8CX, SD 8cx Gen2, SD 8cx Gen3, SD670, SD675, SD678, SD765, SD765G, SD768G, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDX57M, SDX65, SDXR2 5G, SM7250P, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID	Security Rating	CVSS Rating	Technology Area	Date Reported
CVE-2022-25720	Critical	Critical	WLAN HOST	Internal
CVE-2022-22077	High	High	Graphics	Internal
CVE-2022-25723	High	High	Multimedia Frameworks	Internal
CVE-2022-25750	High	High	Bluetooth HOST	Internal
CVE-2022-33214	High	High	Display	03/02/2022
CVE-2022-33217	High	High	Qualcomm IPC	04/25/2022

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID	Security Rating	CVSS Rating	Technology Area	Date Reported
CVE-2022-22078	Medium	Medium	Boot	09/09/2020
CVE-2022-25664	Medium	Medium	Graphics	12/05/2021
CVE-2022-25666	Medium	Medium	DSP Service	12/14/2021

CVE-2022-25720

CVE ID	CVE-2022-25720
Title	Improper Validation of Array Index in WLAN
Description	Memory corruption in WLAN due to out of bound array access during connect/roaming
Technology Area	WLAN HOST
Vulnerability Type	CWE-129 Improper Validation of Array Index
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.8
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8052, APQ8053, APQ8056, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR6003, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9206, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9615M, MDM9628, MDM9630, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QAM8295P, QCA4020, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCC5100, QCM6125, QCN6024, QCN7605, QCN7606, QCN9024, QCS405, QCS410, QCS605, QCS610, QCS6125, QCX315, QET4101, QRB5165, QRB5165M, QRB5165N, QSW8573, Qualcomm215, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 675, SD 8 Gen1 5G, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD670, SD675, SD678, SD710, SD730, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM4125, SW5100, SW5100P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN3999, WCN6740, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/commit/704b9257f192bdaa2150bf0d6c263736d09b8600 https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/-/commit/9fd9f25630708ab50bed37599b8b85906cda4edf https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/commit/1eb39939a50ce944f8bf6b9b33b248753b8f2f87 https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/prima/-/commit/c9aae70ae84b2e7c2c18c95406f5f5364c6025ff https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/-/commit/3fb422f1840dc7ff95c72aefc5e461029c99da77 https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/-/commit/b61faa63366b5d869e6aeebef7fb2759480b2cd9 https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/prima/-/commit/3f82ab6e52dade45289642aec6cf96e6eec056d2

CVE-2022-22077

CVE ID	CVE-2022-22077
Title	Use-After-Free in Graphics
Description	Memory corruption in graphics due to use-after-free in graphics dispatcher logic
Technology Area	Graphics
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	SD 8 Gen1 5G, WCD9380, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8835
Patch**	https://git.codelinaro.org/clo/la/kernel/msm-5.10/-/commit/bec4be828440e4584aad0ab7a5f43a40da6b4bd8

CVE-2022-25723

CVE ID	CVE-2022-25723
Title	Use-After-Free in Multimedia Frameworks
Description	Memory corruption in multimedia due to use after free during callback registration failure
Technology Area	Multimedia Frameworks
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	SD 8 Gen1 5G, WCD9380, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8835
Patch**	https://git.codelinaro.org/clo/la/kernel/msm-5.10/-/commit/d78c4ee855aa2ee1705011723f5ec9e1d33d2ed8

CVE-2022-25750

CVE ID	CVE-2022-25750
Title	Double Free in BTHOST
Description	Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset
Technology Area	Bluetooth HOST
Vulnerability Type	CWE-415 Double Free
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	2022/07/04
Affected Chipsets*	Kailua, SG8275, SG8275P, SM8550, WCD9380, WCD9385, WCD9390, WCD9395, WCN6855, WCN6856, WCN7850, WCN7851, WSA8840, WSA8845, WSA8845H
Patch**	https://git.codelinaro.org/clo/la/kernel/msm-5.10/-/commit/0f60a0e18af70b029c135555dbdf451efd8242f3

CVE-2022-33214

CVE ID	CVE-2022-33214
Title	Time-of-check time-of-use race condition in Display
Description	Memory corruption in display due to time-of-check time-of-use of metadata reserved size
Technology Area	Display
Vulnerability Type	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	2022/03/02
Customer Notified Date	2022/07/04
Affected Chipsets*	AQT1000, QAM8295P, QCA6390, QCA6391, QCA6420, QCA6430, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCC5100, QCM2290, QCM4290, QCM6125, QCM6490, QCN7606, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 675, SD 8 Gen1 5G, SD439, SD460, SD480, SD660, SD662, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDX50M, SDX55, SDX55M, SM4125, SM4375, SM6250, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://git.codelinaro.org/clo/la/platform/hardware/qcom/display/-/commit/32bf0ef375046dc91fd6f740201ebfbdf4bdfa0d

CVE-2022-33217

CVE ID	CVE-2022-33217
Title	Buffer copy without checking size of input in Qualcomm IPC
Description	Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel.
Technology Area	Qualcomm IPC
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	7.8
CVSS String	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported	2022/04/25
Customer Notified Date	2022/07/04
Affected Chipsets*	SD 8 Gen1 5G, WCD9380, WCN6855, WCN6856, WCN7850, WCN7851, WSA8830, WSA8835
Patch**	CodeLinaro link unavailable

CVE-2022-22078

CVE ID	CVE-2022-22078
Title	Integer Overflow or Wraparound issues in BOOT
Description	Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated
Technology Area	Boot
Vulnerability Type	CWE-190 Integer Overflow or Wraparound
Access Vector	Local
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	4.6
CVSS String	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported	2020/09/09
Customer Notified Date	2022/04/04
Affected Chipsets*	AQT1000, AR8035, CSRB31024, FSM10056, MDM9150, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCS603, QCS605, QCS8155, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD835, SD845, SD855, SD865 5G, SD870, SDX24, SDX55, SDX55M, SDXR2 5G, SW5100, SW5100P, WCD9335, WCD9340, WCD9341, WCD9360, WCD9380, WCD9385, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://git.codelinaro.org/clo/la/abl/tianocore/edk2/-/commit/e4400040ab8c201e1ead978e1d3fa836197979e7 https://git.codelinaro.org/clo/la/abl/tianocore/edk2/-/commit/6beaebcdc54d2a6983ee3f71b18b8ceef37f91b5

CVE-2022-25664

CVE ID	CVE-2022-25664
Title	Information Exposure in Graphics Linux
Description	Information disclosure due to exposure of information while GPU reads the data
Technology Area	Graphics
Vulnerability Type	CWE-200 Information Exposure
Access Vector	Local
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	6.2
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	2021/12/05
Customer Notified Date	2022/04/04
Affected Chipsets*	APQ8009, APQ8052, APQ8053, APQ8056, APQ8076, APQ8096AU, AQT1000, MDM9150, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QAM8295P, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCC5100, QCM6125, QCS410, QCS605, QCS610, QCS6125, QCS8155, QSM8250, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD205, SD210, SD429, SD660, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/40bce4fceb2ed31e4ab175665fc9e98b21157d9c

CVE-2022-25666

CVE ID	CVE-2022-25666
Title	Use After Free in DSP Services
Description	Memory corruption due to use after free in service while trying to access maps by different threads
Technology Area	DSP Service
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	6.7
CVSS String	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported	2021/12/14
Customer Notified Date	2022/04/04
Affected Chipsets*	APQ8096AU, AQT1000, AR9380, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9150, MDM9650, MSM8996AU, PMP8074, QAM8295P, QCA4024, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA8337, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCC5100, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS410, QCS610, QCS8155, QSM8250, Qualcomm215, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD205, SD210, SD429, SD835, SD845, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDX55, SDX55M, SDXR2 5G, SW5100, SW5100P, WCD9335, WCD9340, WCD9341, WCD9370, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/da2bdbc79742a7caadea3f7c24296aea211a52e4

* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

** Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

Consideration of security protections such as SELinux not enforced on some platforms
Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

Qualcomm Technologies, Inc.

San Diego, CA 92121

U.S.A.

Products

Applications

Developer

Support

Company

October 2022 Security Bulletin

Updated On: 01/05/2023

Table of Contents

Announcements

Acknowledgements

Proprietary Software Issues

CVE-2022-25718

CVE-2022-25748

CVE-2022-25660

CVE-2022-25661

CVE-2022-25687

CVE-2022-25719

CVE-2022-25736

CVE-2022-25749

CVE-2022-33210

CVE-2022-25662

CVE-2022-25663

CVE-2022-25665

Open Source Software Issues

CVE-2022-25720

CVE-2022-22077

CVE-2022-25723

CVE-2022-25750

CVE-2022-33214

CVE-2022-33217

CVE-2022-22078

CVE-2022-25664

CVE-2022-25666

Industry Coordination

Strictly Necessary Cookies

Share Or Sale of Personal Information

Analytics Cookies

Personalization Cookies

Targeting Cookies