PT-2022-4881 · Qualcomm · Qualcomm Snapdragon Compute+7
Published
2022-07-03
·
Updated
2023-04-19
·
CVE-2022-22066
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Qualcomm Snapdragon Auto versions (affected versions not specified)
Qualcomm Snapdragon Compute versions (affected versions not specified)
Qualcomm Snapdragon Connectivity versions (affected versions not specified)
Qualcomm Snapdragon Consumer IOT versions (affected versions not specified)
Qualcomm Snapdragon Industrial IOT versions (affected versions not specified)
Qualcomm Snapdragon Mobile versions (affected versions not specified)
Qualcomm Snapdragon Voice & Music versions (affected versions not specified)
Qualcomm Snapdragon Wearables versions (affected versions not specified)
Description
The issue is related to a buffer length check flaw in the implementation of content protection for Qualcomm's embedded software, which can lead to memory corruption and potentially allow an attacker to cause a denial of service or execute arbitrary code. This occurs when processing commands received from the High-Level Operating System (HLOS) due to an improper length check.
Recommendations
For Qualcomm Snapdragon Auto, update to a version that includes the fix for the buffer length check issue.
For Qualcomm Snapdragon Compute, update to a version that includes the fix for the buffer length check issue.
For Qualcomm Snapdragon Connectivity, update to a version that includes the fix for the buffer length check issue.
For Qualcomm Snapdragon Consumer IOT, update to a version that includes the fix for the buffer length check issue.
For Qualcomm Snapdragon Industrial IOT, update to a version that includes the fix for the buffer length check issue.
For Qualcomm Snapdragon Mobile, update to a version that includes the fix for the buffer length check issue.
For Qualcomm Snapdragon Voice & Music, update to a version that includes the fix for the buffer length check issue.
For Qualcomm Snapdragon Wearables, update to a version that includes the fix for the buffer length check issue.
As a temporary workaround, consider restricting access to the vulnerable function until a patch is available.
Fix
Out of bounds Read
Buffer Over-read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Connectivity
Qualcomm Snapdragon Consumer Iot
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Voice & Music
Qualcomm Snapdragon Wearables