CVE-2022-33281

Published: May 2, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.

Affected (8)

Products: Qualcomm: Wcn685x 5 Firmware, Wcn685x 1 Firmware, Wcn785x 1 Firmware, Wcn785x 5 Firmware, Sm8450 Firmware, Wcd9380 Firmware, Wsa8830 Firmware, Wsa8835 Firmware

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn685x 5 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn685x 5	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn685x 1 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn685x 1	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn785x 1 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn785x 1	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn785x 5 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn785x 5	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8450	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9380 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9380	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8830 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8830	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8835	All versions

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

Source: product-security@qualcomm.com

PatchVendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.