ID

VAR-202301-0256


CVE

CVE-2022-22079


TITLE

plural  Qualcomm  Product out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-004723

DESCRIPTION

Denial of service while processing fastboot flash command on mmc due to buffer over read. plural Qualcomm The product contains an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-22079 // JVNDB: JVNDB-2022-004723 // VULMON: CVE-2022-22079

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8108scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd626scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3660bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca4020scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8208scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3990scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qualcomm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8209scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8608scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9379scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9628scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdw2500scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8064auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3980scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8064auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9250scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8208scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9628scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009wscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8108scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004723 // NVD: CVE-2022-22079

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22079
value: MEDIUM

Trust: 1.0

product-security@qualcomm.com: CVE-2022-22079
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-004723
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202301-205
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-22079
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-004723
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-004723 // CNNVD: CNNVD-202301-205 // NVD: CVE-2022-22079 // NVD: CVE-2022-22079

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004723 // NVD: CVE-2022-22079

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202301-205

PATCH

title:January 2023 Security Bulletinurl:https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html

Trust: 0.8

title:Google Android Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=221290

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-22079

Trust: 0.1

sources: VULMON: CVE-2022-22079 // JVNDB: JVNDB-2022-004723 // CNNVD: CNNVD-202301-205

EXTERNAL IDS

db:NVDid:CVE-2022-22079

Trust: 3.3

db:JVNDBid:JVNDB-2022-004723

Trust: 0.8

db:CNNVDid:CNNVD-202301-205

Trust: 0.6

db:VULMONid:CVE-2022-22079

Trust: 0.1

sources: VULMON: CVE-2022-22079 // JVNDB: JVNDB-2022-004723 // CNNVD: CNNVD-202301-205 // NVD: CVE-2022-22079

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-22079

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2023-40220

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22079/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2022-22079

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-22079 // JVNDB: JVNDB-2022-004723 // CNNVD: CNNVD-202301-205 // NVD: CVE-2022-22079

SOURCES

db:VULMONid:CVE-2022-22079
db:JVNDBid:JVNDB-2022-004723
db:CNNVDid:CNNVD-202301-205
db:NVDid:CVE-2022-22079

LAST UPDATE DATE

2024-08-14T15:37:15.587000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-22079date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2022-004723date:2023-04-28T09:15:00
db:CNNVDid:CNNVD-202301-205date:2023-01-13T00:00:00
db:NVDid:CVE-2022-22079date:2023-01-12T23:59:02.387

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-22079date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2022-004723date:2023-04-28T00:00:00
db:CNNVDid:CNNVD-202301-205date:2023-01-04T00:00:00
db:NVDid:CVE-2022-22079date:2023-01-09T08:15:11.053