ID

VAR-202209-0271


CVE

CVE-2022-22095


TITLE

Use of freed memory vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2022-017303

DESCRIPTION

Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. APQ8053 firmware, MSM8953 firmware, QCA6390 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-22095 // JVNDB: JVNDB-2022-017303 // VULMON: CVE-2022-22095

AFFECTED PRODUCTS

vendor:qualcommmodel:wcd9370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd765gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6391scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd662scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs2290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd680scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9385scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9375scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7250pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3950scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6851scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd765scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd460scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6426scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd865 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd690 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3991scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdxr2 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165nscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm4290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3988scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3910scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd750gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6436scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm4125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd870scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9341scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd768gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8830scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs4290scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:qca6391scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd690 5gscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd662scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6436scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcs4290scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcm4290scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd460scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6390scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qrb5165mscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qrb5165scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6426scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcm2290scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qrb5165nscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd750gscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcs2290scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd439scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd680scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8953scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd765scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-017303 // NVD: CVE-2022-22095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22095
value: HIGH

Trust: 1.0

product-security@qualcomm.com: CVE-2022-22095
value: HIGH

Trust: 1.0

NVD: CVE-2022-22095
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202209-241
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-22095
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2022-22095
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-22095
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-017303 // CNNVD: CNNVD-202209-241 // NVD: CVE-2022-22095 // NVD: CVE-2022-22095

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

problemtype:Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-017303 // NVD: CVE-2022-22095

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-241

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202209-241

EXTERNAL IDS

db:NVDid:CVE-2022-22095

Trust: 3.3

db:JVNDBid:JVNDB-2022-017303

Trust: 0.8

db:AUSCERTid:ESB-2022.4460

Trust: 0.6

db:CNNVDid:CNNVD-202209-241

Trust: 0.6

db:VULMONid:CVE-2022-22095

Trust: 0.1

sources: VULMON: CVE-2022-22095 // JVNDB: JVNDB-2022-017303 // CNNVD: CNNVD-202209-241 // NVD: CVE-2022-22095

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22095

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.4460

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-september-2022-39200

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22095/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-22095 // JVNDB: JVNDB-2022-017303 // CNNVD: CNNVD-202209-241 // NVD: CVE-2022-22095

SOURCES

db:VULMONid:CVE-2022-22095
db:JVNDBid:JVNDB-2022-017303
db:CNNVDid:CNNVD-202209-241
db:NVDid:CVE-2022-22095

LAST UPDATE DATE

2024-08-14T13:02:16.022000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-22095date:2022-09-16T00:00:00
db:JVNDBid:JVNDB-2022-017303date:2023-10-12T05:01:00
db:CNNVDid:CNNVD-202209-241date:2022-09-21T00:00:00
db:NVDid:CVE-2022-22095date:2022-09-20T13:15:51.917

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-22095date:2022-09-16T00:00:00
db:JVNDBid:JVNDB-2022-017303date:2023-10-12T00:00:00
db:CNNVDid:CNNVD-202209-241date:2022-09-06T00:00:00
db:NVDid:CVE-2022-22095date:2022-09-16T06:15:10.423