ID

VAR-202212-0797


CVE

CVE-2022-25677


TITLE

Use of freed memory vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023203

DESCRIPTION

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. APQ8096AU firmware, AQT1000 firmware, AR9380 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-25677 // JVNDB: JVNDB-2022-023203

AFFECTED PRODUCTS

vendor:qualcommmodel:ipq4018scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4029scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9274scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9889scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9886scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8078scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6391scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5054scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd678scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9000scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5021scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9072scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca4024scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq9008scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9375scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5124scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5022scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6851scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6024scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5122scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8068scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6426scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6112scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq6018scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8064scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8070scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:aqt1000scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmp8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9888scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdxr2 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3991scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8337scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6122scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9340scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8173scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx50mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs8155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9880scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4028scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8078ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6310scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd870scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6320scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9341scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9992scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq6010scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq9574scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8076scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3980scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8065scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca7500scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csr8811scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5164scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9022scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9898scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3660bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9990scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa515mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6420scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5154scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8174scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8075scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6102scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6132scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3990scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8076ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qualcomm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3950scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5152scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ar9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8072scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd865 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq6028scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9012scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3988scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9024scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd730scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq6000scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9985scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9994scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq5028scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9984scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5052scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn6023scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd720gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qsm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6436scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9980scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8072ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8070ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq5018scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8071ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn5024scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcn9070scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq5010scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:ipq4028scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ar9380scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq4029scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:aqt1000scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq8070scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq6028scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq6000scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq5018scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csr8811scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq6018scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq8068scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq8064scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq8065scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq4018scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq8070ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq6010scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq4019scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq5028scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq5010scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023203 // NVD: CVE-2022-25677

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25677
value: HIGH

Trust: 1.0

product-security@qualcomm.com: CVE-2022-25677
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-25677
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-2271
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-25677
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2022-25677
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-25677
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023203 // CNNVD: CNNVD-202212-2271 // NVD: CVE-2022-25677 // NVD: CVE-2022-25677

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

problemtype:Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023203 // NVD: CVE-2022-25677

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2271

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202212-2271

PATCH

title:Google Pixel Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=217677

Trust: 0.6

sources: CNNVD: CNNVD-202212-2271

EXTERNAL IDS

db:NVDid:CVE-2022-25677

Trust: 3.2

db:JVNDBid:JVNDB-2022-023203

Trust: 0.8

db:CNNVDid:CNNVD-202212-2271

Trust: 0.6

sources: JVNDB: JVNDB-2022-023203 // CNNVD: CNNVD-202212-2271 // NVD: CVE-2022-25677

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-25677

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2022-40023

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-25677/

Trust: 0.6

sources: JVNDB: JVNDB-2022-023203 // CNNVD: CNNVD-202212-2271 // NVD: CVE-2022-25677

SOURCES

db:JVNDBid:JVNDB-2022-023203
db:CNNVDid:CNNVD-202212-2271
db:NVDid:CVE-2022-25677

LAST UPDATE DATE

2024-08-14T13:42:14.706000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-023203date:2023-11-28T02:45:00
db:CNNVDid:CNNVD-202212-2271date:2022-12-16T00:00:00
db:NVDid:CVE-2022-25677date:2022-12-15T16:49:27.473

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-023203date:2023-11-28T00:00:00
db:CNNVDid:CNNVD-202212-2271date:2022-12-05T00:00:00
db:NVDid:CVE-2022-25677date:2022-12-13T16:15:17.870