ID

VAR-202304-0955


CVE

CVE-2022-33282


TITLE

Integer overflow vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2022-024062

DESCRIPTION

Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. MSM8996AU firmware, QAM8295P firmware, QCA6574A Multiple Qualcomm products, including firmware, contain an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-33282 // JVNDB: JVNDB-2022-024062

AFFECTED PRODUCTS

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8540pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8195pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa9000pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qam8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8295pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6696scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:sa6145pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa9000pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8145pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6595scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6696scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6595auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8295pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8195pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8155pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa6155pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8540pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8150pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qam8295pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6584auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa8155scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa6150pscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sa6155scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574auscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-024062 // NVD: CVE-2022-33282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33282
value: HIGH

Trust: 1.0

product-security@qualcomm.com: CVE-2022-33282
value: HIGH

Trust: 1.0

NVD: CVE-2022-33282
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202304-1050
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-33282
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2022-33282
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-33282
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-024062 // CNNVD: CNNVD-202304-1050 // NVD: CVE-2022-33282 // NVD: CVE-2022-33282

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:CWE-680

Trust: 1.0

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-024062 // NVD: CVE-2022-33282

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202304-1050

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202304-1050

PATCH

title:Qualcomm Chipsets Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=234776

Trust: 0.6

sources: CNNVD: CNNVD-202304-1050

EXTERNAL IDS

db:NVDid:CVE-2022-33282

Trust: 3.2

db:JVNDBid:JVNDB-2022-024062

Trust: 0.8

db:CNNVDid:CNNVD-202304-1050

Trust: 0.6

sources: JVNDB: JVNDB-2022-024062 // CNNVD: CNNVD-202304-1050 // NVD: CVE-2022-33282

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-33282

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-33282/

Trust: 0.6

sources: JVNDB: JVNDB-2022-024062 // CNNVD: CNNVD-202304-1050 // NVD: CVE-2022-33282

SOURCES

db:JVNDBid:JVNDB-2022-024062
db:CNNVDid:CNNVD-202304-1050
db:NVDid:CVE-2022-33282

LAST UPDATE DATE

2024-10-16T23:19:46.862000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-024062date:2023-12-01T05:05:00
db:CNNVDid:CNNVD-202304-1050date:2023-04-25T00:00:00
db:NVDid:CVE-2022-33282date:2024-04-12T17:16:22.740

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-024062date:2023-12-01T00:00:00
db:CNNVDid:CNNVD-202304-1050date:2023-04-13T00:00:00
db:NVDid:CVE-2022-33282date:2023-04-13T07:15:16.637