Vulnerability Details : CVE-2022-25712
Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables
Vulnerability category: Memory Corruption
Products affected by CVE-2022-25712
- cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6335_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd710_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcc5100_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-25712
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-25712
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
|
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
Qualcomm, Inc. |
CWE ids for CVE-2022-25712
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-25712
-
https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin
Security Bulletins | Qualcomm DocumentationPatch;Vendor Advisory
Jump to