Vulnerabilities > CVE-2022-25742 - Infinite Loop vulnerability in Qualcomm products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

qualcomm

CWE-835

NVD

Published: 2022-11-15

Updated: 2022-11-18

Summary

Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Ar8031 Firmware - Qualcomm Csra6620 Firmware - Qualcomm Csra6640 Firmware - Qualcomm Mdm8207 Firmware - Qualcomm Mdm9205 Firmware - Qualcomm Mdm9206 Firmware - Qualcomm Mdm9207 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Qca4004 Firmware - Qualcomm Qca4010 Firmware - Qualcomm Qca4020 Firmware - Qualcomm Qca4024 Firmware - Qualcomm Qcs405 Firmware - Qualcomm Wcd9306 Firmware - Qualcomm Wcd9330 Firmware - Qualcomm Wcd9335 Firmware - Qualcomm Wcn3980 Firmware - Qualcomm Wcn3998 Firmware - Qualcomm Wcn3999 Firmware - Qualcomm Wsa8810 Firmware - Qualcomm Wsa8815 Firmware -	21
Hardware	Qualcomm Qualcomm Ar8031 - Qualcomm Csra6620 - Qualcomm Csra6640 - Qualcomm Mdm8207 - Qualcomm Mdm9205 - Qualcomm Mdm9206 - Qualcomm Mdm9207 - Qualcomm Mdm9607 - Qualcomm Qca4004 - Qualcomm Qca4010 - Qualcomm Qca4020 - Qualcomm Qca4024 - Qualcomm Qcs405 - Qualcomm Wcd9306 - Qualcomm Wcd9330 - Qualcomm Wcd9335 - Qualcomm Wcn3980 - Qualcomm Wcn3998 - Qualcomm Wcn3999 - Qualcomm Wsa8810 - Qualcomm Wsa8815 -	21

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin