CVE-2022-33292

nvd nist

Published: May 2, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it.

Affected (8)

Products: Qualcomm: Sg4150p Firmware, Sm6225 Firmware, Sm6225 Ad Firmware, Wcd9370 Firmware, Wcd9375 Firmware, Wcn3950 Firmware, Wcn3988 Firmware, Wsa8810 Firmware

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sg4150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sg4150p	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6225 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6225	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6225 Ad Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6225 Ad	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9370 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9370	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9375 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9375	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3950 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3950	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3988 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3988	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8810	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

Source: product-security@qualcomm.com

PatchVendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.