Vulnerability-Lookup

BDU:2022-06012

Vulnerability from fstec - Published: 15.07.2021

Title

Уязвимость компонента Video микропрограммного обеспечения встраиваемых плат Qualcomm, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Description

Уязвимость компонента Video микропрограммного обеспечения встраиваемых плат Qualcomm связана с копированием буфера без проверки размера входных данных при обработке файлов формата WAV. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vendor

Google Inc, Qualcomm Technologies Inc.

Software Name

Android, QCA6390, MSM8917, MSM8953, SD 8 Gen1 5G, WCD9380, WCN6855, AQT1000, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD870, SD888 5G, SDX55M, SDXR2 5G, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, APQ8053, 215, SD439, SD460, SD480, SD662, SD680, SD695, SDX65, SM7450, SM8475, SM8475P, SD665, SD 675, SD 678, SD710, SD720G, SD730, SDX50M, SD636, SD429, SD632, SD660, SDM630, SDW2500, SDX20, SD 670, SD835, SD855, QCA6574, QCA6574A, QCA6574AU, WCD9370, WCN3950, WCN6740, QCA6595AU, QCA6696, QCS6490, SA6155P, SA8155P, SA8195P, WCD9340, WCD9341, WCD9375, WCD9385, WCN3980, WCN3988, APQ8017, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCM2290, QCM4290, QCS2290, QCS4290, SA6155, SA8155, SD865 5G, SD888, SM4125, SM6250, SM7250P, SM7315, SM7325P, SW5100P, WCD9326, WCD9335, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3990

Software Version

- (Android), - (QCA6390), - (MSM8917), - (MSM8953), - (SD 8 Gen1 5G), - (WCD9380), - (WCN6855), - (AQT1000), - (SD690 5G), - (SD750G), - (SD765), - (SD765G), - (SD768G), - (SD778G), - (SD780G), - (SD870), - (SD888 5G), - (SDX55M), - (SDXR2 5G), - (WCN3991), - (WCN3998), - (WCN6750), - (WCN6850), - (WCN6851), - (APQ8053), - (215), - (SD439), - (SD460), - (SD480), - (SD662), - (SD680), - (SD695), - (SDX65), - (SM7450), - (SM8475), - (SM8475P), - (SD665), - (SD 675), - (SD 678), - (SD710), - (SD720G), - (SD730), - (SDX50M), - (SD636), - (SD429), - (SD632), - (SD660), - (SDM630), - (SDW2500), - (SDX20), - (SD 670), - (SD835), - (SD855), - (QCA6574), - (QCA6574A), - (QCA6574AU), - (WCD9370), - (WCN3950), - (WCN6740), - (QCA6595AU), - (QCA6696), - (QCS6490), - (SA6155P), - (SA8155P), - (SA8195P), - (WCD9340), - (WCD9341), - (WCD9375), - (WCD9385), - (WCN3980), - (WCN3988), - (APQ8017), - (QCA6391), - (QCA6420), - (QCA6426), - (QCA6430), - (QCA6436), - (QCM2290), - (QCM4290), - (QCS2290), - (QCS4290), - (SA6155), - (SA8155), - (SD865 5G), - (SD888), - (SM4125), - (SM6250), - (SM7250P), - (SM7315), - (SM7325P), - (SW5100P), - (WCD9326), - (WCD9335), - (WCN3615), - (WCN3660B), - (WCN3680), - (WCN3680B), - (WCN3910), - (WCN3990)

Possible Mitigations

Использование рекомендаций: Для Android: https://source.android.com/docs/security/bulletin/2022-09-01 Для Qualcomm: https://docs.qualcomm.com:443/product/publicresources/securitybulletin/september-2022-bulletin.html

Reference

https://source.android.com/docs/security/bulletin/2022-09-01 https://docs.qualcomm.com:443/product/publicresources/securitybulletin/september-2022-bulletin.html https://www.cybersecurity-help.cz/vdb/SB2022090806

CWE

CWE-119, CWE-120

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc, Qualcomm Technologies Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Android), - (QCA6390), - (MSM8917), - (MSM8953), - (SD 8 Gen1 5G), - (WCD9380), - (WCN6855), - (AQT1000), - (SD690 5G), - (SD750G), - (SD765), - (SD765G), - (SD768G), - (SD778G), - (SD780G), - (SD870), - (SD888 5G), - (SDX55M), - (SDXR2 5G), - (WCN3991), - (WCN3998), - (WCN6750), - (WCN6850), - (WCN6851), - (APQ8053), - (215), - (SD439), - (SD460), - (SD480), - (SD662), - (SD680), - (SD695), - (SDX65), - (SM7450), - (SM8475), - (SM8475P), - (SD665), - (SD 675), - (SD 678), - (SD710), - (SD720G), - (SD730), - (SDX50M), - (SD636), - (SD429), - (SD632), - (SD660), - (SDM630), - (SDW2500), - (SDX20), - (SD 670), - (SD835), - (SD855), - (QCA6574), - (QCA6574A), - (QCA6574AU), - (WCD9370), - (WCN3950), - (WCN6740), - (QCA6595AU), - (QCA6696), - (QCS6490), - (SA6155P), - (SA8155P), - (SA8195P), - (WCD9340), - (WCD9341), - (WCD9375), - (WCD9385), - (WCN3980), - (WCN3988), - (APQ8017), - (QCA6391), - (QCA6420), - (QCA6426), - (QCA6430), - (QCA6436), - (QCM2290), - (QCM4290), - (QCS2290), - (QCS4290), - (SA6155), - (SA8155), - (SD865 5G), - (SD888), - (SM4125), - (SM6250), - (SM7250P), - (SM7315), - (SM7325P), - (SW5100P), - (WCD9326), - (WCD9335), - (WCN3615), - (WCN3660B), - (WCN3680), - (WCN3680B), - (WCN3910), - (WCN3990)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Android:\nhttps://source.android.com/docs/security/bulletin/2022-09-01\n\n\u0414\u043b\u044f Qualcomm:\nhttps://docs.qualcomm.com:443/product/publicresources/securitybulletin/september-2022-bulletin.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.07.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.09.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06012",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-25686",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Android, QCA6390, MSM8917, MSM8953, SD 8 Gen1 5G, WCD9380, WCN6855, AQT1000, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD870, SD888 5G, SDX55M, SDXR2 5G, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, APQ8053, 215, SD439, SD460, SD480, SD662, SD680, SD695, SDX65, SM7450, SM8475, SM8475P, SD665, SD 675, SD 678, SD710, SD720G, SD730, SDX50M, SD636, SD429, SD632, SD660, SDM630, SDW2500, SDX20, SD 670, SD835, SD855, QCA6574, QCA6574A, QCA6574AU, WCD9370, WCN3950, WCN6740, QCA6595AU, QCA6696, QCS6490, SA6155P, SA8155P, SA8195P, WCD9340, WCD9341, WCD9375, WCD9385, WCN3980, WCN3988, APQ8017, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCM2290, QCM4290, QCS2290, QCS4290, SA6155, SA8155, SD865 5G, SD888, SM4125, SM6250, SM7250P, SM7315, SM7325P, SW5100P, WCD9326, WCD9335, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3990",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Google Inc Android - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Video \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043f\u043b\u0430\u0442 Qualcomm, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Video \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043f\u043b\u0430\u0442 Qualcomm \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0444\u0430\u0439\u043b\u043e\u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0430 WAV. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://source.android.com/docs/security/bulletin/2022-09-01\nhttps://docs.qualcomm.com:443/product/publicresources/securitybulletin/september-2022-bulletin.html\nhttps://www.cybersecurity-help.cz/vdb/SB2022090806",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-120",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}

CVE-2022-25686 (GCVE-0-2022-25686)

Vulnerability from cvelistv5 – Published: 2022-09-16 05:25 – Updated: 2024-08-03 04:42

Summary

Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Severity ?

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

Buffer Copy Without Checking Size of Input in Video

Assigner

qualcomm

References

URL

Tags

https://www.qualcomm.com/company/product-security…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables	Affected: APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS6490, Qualcomm215, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD439, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:42:50.774Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS6490, Qualcomm215, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD439, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Copy Without Checking Size of Input in Video",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-16T05:25:55.000Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2022-25686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS6490, Qualcomm215, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 636, SD 675, SD 8 Gen1 5G, SD429, SD439, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD680, SD690 5G, SD695, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM7250P, SM7315, SM7325P, SM7450, SM8475, SM8475P, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Copy Without Checking Size of Input in Video"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25686",
    "datePublished": "2022-09-16T05:25:56.000Z",
    "dateReserved": "2022-02-22T00:00:00.000Z",
    "dateUpdated": "2024-08-03T04:42:50.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-06012

CVE-2022-25686 (GCVE-0-2022-25686)

Tags

Sightings

Nomenclature