CVE-2022-25690

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified) Snapdragon Auto versions (affected versions not specified) Snapdragon Compute versions (affected versions not specified) Snapdragon Connectivity versions (affected versions not specified) Snapdragon Consumer Electronics Connectivity versions (affected versions not specified) Snapdragon Consumer IOT versions (affected versions not specified) Snapdragon Industrial IOT versions (affected versions not specified) Snapdragon Mobile versions (affected versions not specified) Snapdragon Voice & Music versions (affected versions not specified)

Description The issue is related to the implementation of WLAN technology in Qualcomm's microprogrammable software for embedded boards, which is connected with unchecked array indexing when processing ANQP elements. This can be exploited by a remote attacker to gain unauthorized access to protected information by sending specially crafted packets. The vulnerability is due to improper validation of array index while parsing crafted ANQP action frames.

Recommendations For Qualcomm Snapdragon, consider disabling the ANQP functionality until a patch is available. For Snapdragon Auto, restrict access to the vulnerable ANQP module to minimize the risk of exploitation. For Snapdragon Compute, avoid using the ANQP action frames in the affected API endpoint until the issue is resolved. For Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Voice & Music, at the moment, there is no information about a newer version that contains a fix for this vulnerability.