Vulnerabilities > CVE-2022-25698 - Out-of-bounds Write vulnerability in Qualcomm products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

qualcomm

CWE-787

NVD

Published: 2022-12-13

Updated: 2023-08-08

Summary

Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm SD 8 Gen1 5G Firmware - Qualcomm Sd429 Firmware - Qualcomm Sda429W Firmware - Qualcomm Sdm429W Firmware - Qualcomm Wcd9380 Firmware - Qualcomm Wcn3610 Firmware - Qualcomm Wcn3620 Firmware - Qualcomm Wcn3660B Firmware - Qualcomm Wcn3680B Firmware - Qualcomm Wcn3980 Firmware - Qualcomm Wcn6855 Firmware - Qualcomm Wcn6856 Firmware - Qualcomm Wcn7850 Firmware - Qualcomm Wcn7851 Firmware - Qualcomm Wsa8830 Firmware - Qualcomm Wsa8835 Firmware -	16
Hardware	Qualcomm Qualcomm Sm8475 - Qualcomm Sd429 - Qualcomm Sda429W - Qualcomm Sdm429W - Qualcomm Wcd9380 - Qualcomm Wcn3610 - Qualcomm Wcn3620 - Qualcomm Wcn3660B - Qualcomm Wcn3680B - Qualcomm Wcn3980 - Qualcomm Wcn6855 - Qualcomm Wcn6856 - Qualcomm Wcn7850 - Qualcomm Wcn7851 - Qualcomm Wsa8830 - Qualcomm Wsa8835 -	16

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin