PT-2021-7410 · Qualcomm · Qualcomm Snapdragon Industrial IOT (+4 more)

Published: 2021-11-02 · Updated: 2023-08-08 · CVE-2022-25654

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Qualcomm Snapdragon Auto (affected versions not specified)
Qualcomm Snapdragon Connectivity (affected versions not specified)
Qualcomm Snapdragon Consumer IOT (affected versions not specified)
Qualcomm Snapdragon Industrial IOT (affected versions not specified)
Qualcomm Snapdragon Wearables (affected versions not specified)

Description

The issue is related to memory corruption in the kernel due to improper input validation while processing ION commands. This can allow an attacker to cause a denial of service or execute arbitrary code. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Qualcomm Snapdragon Auto, update to a version that includes proper input validation for ION commands.
For Qualcomm Snapdragon Connectivity, update to a version that includes proper input validation for ION commands.
For Qualcomm Snapdragon Consumer IOT, update to a version that includes proper input validation for ION commands.
For Qualcomm Snapdragon Industrial IOT, update to a version that includes proper input validation for ION commands.
For Qualcomm Snapdragon Wearables, update to a version that includes proper input validation for ION commands.

As a temporary workaround, consider restricting access to the ION command processing functionality until a patch is available.

Fix

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-06023
CVE-2022-25654

Affected Products

Qualcomm Snapdragon Auto
Qualcomm Snapdragon Connectivity
Qualcomm Snapdragon Consumer IOT
Qualcomm Snapdragon Industrial IOT
Qualcomm Snapdragon Wearables