CVE-2022-25727

Published: Nov 15, 2022Modified: Apr 22, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Affected (21)

Products: Qualcomm: Ar8031 Firmware, Csra6620 Firmware, Csra6640 Firmware, Mdm8207 Firmware, Mdm9205 Firmware, Mdm9206 Firmware, Mdm9207 Firmware, Mdm9607 Firmware, Qca4004 Firmware, Qca4010 Firmware, Qca4020 Firmware, Qca4024 Firmware, Qcs405 Firmware, Wcd9306 Firmware, Wcd9330 Firmware, Wcd9335 Firmware, Wcn3980 Firmware, Wcn3998 Firmware, Wcn3999 Firmware, Wsa8810 Firmware, Wsa8815 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ar8031 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ar8031	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Csra6620 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Csra6620	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Csra6640 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Csra6640	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm8207 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm8207	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9205	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9207 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9207	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca4004 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca4004	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca4010 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca4010	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca4020 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca4020	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca4024 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca4024	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs405 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs405	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9306 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9306	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9330 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9330	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9335 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9335	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3980 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3980	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3998 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3998	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3999 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3999	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8810	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8815 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8815	All versions

Related CWEs

CWE-1284

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.