PT-2022-4766 · Qualcomm · Snapdragon Mobile+8

Published: 2022-06-06 · Updated: 2023-08-08 · CVE-2022-22074

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Qualcomm embedded platform software (affected versions not specified)
Snapdragon Auto (affected versions not specified)
Snapdragon Compute (affected versions not specified)
Snapdragon Connectivity (affected versions not specified)
Snapdragon Consumer IOT (affected versions not specified)
Snapdragon Industrial IOT (affected versions not specified)
Snapdragon Mobile (affected versions not specified)
Snapdragon Voice & Music (affected versions not specified)
Snapdragon Wearables (affected versions not specified)

Description

The issue is an integer overflow in the Audio component of Qualcomm's firmware for embedded platforms, triggered when playing WMA files. The overflow can lead to memory corruption. Exploitation may allow an attacker to cause a denial of service or execute arbitrary code.

Recommendations

For Qualcomm embedded platform software, update to a version that fixes the integer overflow issue in the Audio component.
For Snapdragon Auto, restrict access to WMA file playback until a patch is available.
For Snapdragon Compute, consider disabling the WMA file playback functionality until a fix is released.
For Snapdragon Connectivity, avoid using the vulnerable Audio component until an update is provided.
For Snapdragon Consumer IOT, restrict the use of WMA file playback to minimize the risk of exploitation.
For Snapdragon Industrial IOT, update the software to a version that addresses the integer overflow issue.
For Snapdragon Mobile, apply configuration changes to prevent the exploitation of the vulnerable Audio component.
For Snapdragon Voice & Music, temporarily disable the WMA file playback feature until a patch is available.
For Snapdragon Wearables, update the software to a version that fixes the memory corruption issue.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-05667
CVE-2022-22074

Affected Products

Qualcomm Embedded Platform
Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables