Vulnerabilities > CVE-2022-22090 - Use After Free vulnerability in Qualcomm products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

qualcomm

CWE-416

NVD

Published: 2022-06-14

Updated: 2023-04-19

Summary

Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm SD 8 Gen1 5G Firmware - Qualcomm Sd865 5G Firmware - Qualcomm Sd888 5G Firmware - Qualcomm Sdx65 Firmware - Qualcomm Sm7450 Firmware - Qualcomm Sm8475 Firmware - Qualcomm Sm8475P Firmware - Qualcomm Wcd9370 Firmware - Qualcomm Wcd9375 Firmware - Qualcomm Wcd9380 Firmware - Qualcomm Wcd9385 Firmware - Qualcomm Wcn6750 Firmware - Qualcomm Wcn6850 Firmware - Qualcomm Wcn6851 Firmware - Qualcomm Wcn6855 Firmware - Qualcomm Wcn6856 Firmware - Qualcomm Wcn7850 Firmware - Qualcomm Wcn7851 Firmware - Qualcomm Wsa8810 Firmware - Qualcomm Wsa8815 Firmware - Qualcomm Wsa8830 Firmware - Qualcomm Wsa8832 Firmware - Qualcomm Wsa8835 Firmware -	23
Hardware	Qualcomm Qualcomm Sm8475 - Qualcomm Sd865 5G - Qualcomm Sd888 5G - Qualcomm Sdx65 - Qualcomm Sm7450 - Qualcomm Sm8475P - Qualcomm Wcd9370 - Qualcomm Wcd9375 - Qualcomm Wcd9380 - Qualcomm Wcd9385 - Qualcomm Wcn6750 - Qualcomm Wcn6850 - Qualcomm Wcn6851 - Qualcomm Wcn6855 - Qualcomm Wcn6856 - Qualcomm Wcn7850 - Qualcomm Wcn7851 - Qualcomm Wsa8810 - Qualcomm Wsa8815 - Qualcomm Wsa8830 - Qualcomm Wsa8832 - Qualcomm Wsa8835 -	22

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin