Vulnerabilities > CVE-2022-25727 - Improper Validation of Specified Quantity in Input vulnerability in Qualcomm products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

qualcomm

CWE-1284

critical

NVD

Published: 2022-11-15

Updated: 2023-08-08

Summary

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Ar8031 Firmware - Qualcomm Csra6620 Firmware - Qualcomm Csra6640 Firmware - Qualcomm Mdm8207 Firmware - Qualcomm Mdm9205 Firmware - Qualcomm Mdm9206 Firmware - Qualcomm Mdm9207 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Qca4004 Firmware - Qualcomm Qca4010 Firmware - Qualcomm Qca4020 Firmware - Qualcomm Qca4024 Firmware - Qualcomm Qcs405 Firmware - Qualcomm Wcd9306 Firmware - Qualcomm Wcd9330 Firmware - Qualcomm Wcd9335 Firmware - Qualcomm Wcn3980 Firmware - Qualcomm Wcn3998 Firmware - Qualcomm Wcn3999 Firmware - Qualcomm Wsa8810 Firmware - Qualcomm Wsa8815 Firmware -	21
Hardware	Qualcomm Qualcomm Ar8031 - Qualcomm Csra6620 - Qualcomm Csra6640 - Qualcomm Mdm8207 - Qualcomm Mdm9205 - Qualcomm Mdm9206 - Qualcomm Mdm9207 - Qualcomm Mdm9607 - Qualcomm Qca4004 - Qualcomm Qca4010 - Qualcomm Qca4020 - Qualcomm Qca4024 - Qualcomm Qcs405 - Qualcomm Wcd9306 - Qualcomm Wcd9330 - Qualcomm Wcd9335 - Qualcomm Wcn3980 - Qualcomm Wcn3998 - Qualcomm Wcn3999 - Qualcomm Wsa8810 - Qualcomm Wsa8815 -	21

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin