Vulnerabilities > CVE-2022-22072 - Improper Validation of Specified Quantity in Input vulnerability in Qualcomm products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

qualcomm

CWE-1284

NVD

Published: 2022-06-14

Updated: 2023-08-08

Summary

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Apq8009 Firmware - Qualcomm Apq8017 Firmware - Qualcomm Apq8053 Firmware - Qualcomm Apq8096Au Firmware - Qualcomm Ar8031 Firmware - Qualcomm Csra6620 Firmware - Qualcomm Csra6640 Firmware - Qualcomm Mdm9150 Firmware - Qualcomm Mdm9206 Firmware - Qualcomm Mdm9250 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Mdm9626 Firmware - Qualcomm Mdm9628 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm Msm8937 Firmware - Qualcomm Pm8937 Firmware - Qualcomm Qca4020 Firmware - Qualcomm Qca6174A Firmware - Qualcomm Qca6175A Firmware - Qualcomm Qca6310 Firmware - Qualcomm Qca6320 Firmware - Qualcomm Qca6335 Firmware - Qualcomm Qca6564A Firmware - Qualcomm Qca6564Au Firmware - Qualcomm Qca6574 Firmware - Qualcomm Qca6574A Firmware - Qualcomm Qca6574Au Firmware - Qualcomm Qca9367 Firmware - Qualcomm Qca9377 Firmware - Qualcomm Qca9379 Firmware - Qualcomm Qcs405 Firmware - Qualcomm Qcs603 Firmware - Qualcomm Qcs605 Firmware - Qualcomm Sa515M Firmware - Qualcomm Sd670 Firmware - Qualcomm Sd710 Firmware - Qualcomm Sd820 Firmware - Qualcomm Sd835 Firmware - Qualcomm Sd845 Firmware - Qualcomm Sdx12 Firmware - Qualcomm Sdx20 Firmware - Qualcomm Sdx24 Firmware - Qualcomm Sdxr1 Firmware - Qualcomm Wcd9326 Firmware - Qualcomm Wcd9330 Firmware - Qualcomm Wcd9335 Firmware - Qualcomm Wcd9340 Firmware - Qualcomm Wcd9341 Firmware - Qualcomm Wcn3610 Firmware - Qualcomm Wcn3615 Firmware - Qualcomm Wcn3660B Firmware - Qualcomm Wcn3680B Firmware - Qualcomm Wcn3980 Firmware - Qualcomm Wcn3990 Firmware - Qualcomm Wcn3998 Firmware - Qualcomm Wcn3999 Firmware - Qualcomm Wsa8810 Firmware - Qualcomm Wsa8815 Firmware -	58
Hardware	Qualcomm Qualcomm Apq8009 - Qualcomm Apq8017 - Qualcomm Apq8053 - Qualcomm Apq8096Au - Qualcomm Ar8031 - Qualcomm Csra6620 - Qualcomm Csra6640 - Qualcomm Mdm9150 - Qualcomm Mdm9206 - Qualcomm Mdm9250 - Qualcomm Mdm9607 - Qualcomm Mdm9626 - Qualcomm Mdm9628 - Qualcomm Mdm9650 - Qualcomm Msm8937 - Qualcomm Pm8937 - Qualcomm Qca4020 - Qualcomm Qca6174A - Qualcomm Qca6175A - Qualcomm Qca6310 - Qualcomm Qca6320 - Qualcomm Qca6335 - Qualcomm Qca6564A - Qualcomm Qca6564Au - Qualcomm Qca6574 - Qualcomm Qca6574A - Qualcomm Qca6574Au - Qualcomm Qca9367 - Qualcomm Qca9377 - Qualcomm Qca9379 - Qualcomm Qcs405 - Qualcomm Qcs603 - Qualcomm Qcs605 - Qualcomm Sa515M - Qualcomm Sd670 - Qualcomm Sd710 - Qualcomm Sd820 - Qualcomm Sd835 - Qualcomm Sd845 - Qualcomm Sdx12 - Qualcomm Sdx20 - Qualcomm Sdx24 - Qualcomm Sdxr1 - Qualcomm Wcd9326 - Qualcomm Wcd9330 - Qualcomm Wcd9335 - Qualcomm Wcd9340 - Qualcomm Wcd9341 - Qualcomm Wcn3610 - Qualcomm Wcn3615 - Qualcomm Wcn3660B - Qualcomm Wcn3680B - Qualcomm Wcn3980 - Qualcomm Wcn3990 - Qualcomm Wcn3998 - Qualcomm Wcn3999 - Qualcomm Wsa8810 - Qualcomm Wsa8815 -	58

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin