Details of VAR-202212-0660

ID

VAR-202212-0660

CVE

CVE-2022-25702

TITLE

Reachable Assertion Vulnerability in Multiple Qualcomm Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023283

DESCRIPTION

Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. APQ8009 firmware, APQ8017 firmware, APQ8037 Multiple Qualcomm products, such as firmware, contain a reachable assertion vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-25702 // JVNDB: JVNDB-2022-023283

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdx65	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8108	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd780g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8208	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn6024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6426	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	aqt1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3991	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr2 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8337	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8608	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9340	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd750g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx50m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6431	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd870	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9326	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8037	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd695	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6421	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa515m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fsm10055	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm4375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6856	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7315	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd480	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd888	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8209	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd690 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8035	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8 gen1 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6750	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6740	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcx315	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6436	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd768g	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	ar8035	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca8081	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fsm10055	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	aqt1000	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8208	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6436	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8108	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6421	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6391	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6390	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8037	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8209	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8608	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6426	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6431	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8917	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca8337	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8937	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023283 // NVD: CVE-2022-25702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25702
value:	HIGH
Trust: 1.0
product-security@qualcomm.com:	CVE-2022-25702
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-25702
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-2260
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-25702
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-25702
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023283 // CNNVD: CNNVD-202212-2260 // NVD: CVE-2022-25702 // NVD: CVE-2022-25702

PROBLEMTYPE DATA

problemtype:	CWE-617	Trust: 1.0
problemtype:	Reachable assertions (CWE-617) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023283 // NVD: CVE-2022-25702

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2260

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2260

PATCH

title:

Google Pixel Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=217667

Trust: 0.6

sources: CNNVD: CNNVD-202212-2260

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25702	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-023283	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-2260	Trust: 0.6

sources: JVNDB: JVNDB-2022-023283 // CNNVD: CNNVD-202212-2260 // NVD: CVE-2022-25702

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25702	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2022-40023	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-25702/	Trust: 0.6

sources: JVNDB: JVNDB-2022-023283 // CNNVD: CNNVD-202212-2260 // NVD: CVE-2022-25702

SOURCES

db:	JVNDB	id:	JVNDB-2022-023283
db:	CNNVD	id:	CNNVD-202212-2260
db:	NVD	id:	CVE-2022-25702

LAST UPDATE DATE

2024-08-14T13:21:25.367000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-023283	date:	2023-11-28T03:13:00
db:	CNNVD	id:	CNNVD-202212-2260	date:	2022-12-16T00:00:00
db:	NVD	id:	CVE-2022-25702	date:	2023-04-19T17:10:55.030

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-023283	date:	2023-11-28T00:00:00
db:	CNNVD	id:	CNNVD-202212-2260	date:	2022-12-05T00:00:00
db:	NVD	id:	CVE-2022-25702	date:	2022-12-13T16:15:18.620