CVE-2022-22102

Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-02 12:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-22102

Mitre link : CVE-2022-22102

CVE.ORG link : CVE-2022-22102

JSON object : View

Products Affected

qualcomm

qca6574au
sa6145p_firmware
sa6155p
sa8145p_firmware
sa6150p
sa6155p_firmware
sa8150p_firmware
sa8195p
sa6150p_firmware
sa8155p_firmware
sa6145p
sa8155p
qca6574au_firmware
sa8150p
qca6696_firmware
sa8145p
sa8195p_firmware
qca6696

CWE

CWE-704

Incorrect Type Conversion or Cast

{"id": "CVE-2022-22102", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "product-security@qualcomm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2022-09-02T12:15:10.090", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2022-bulletin", "tags": ["Vendor Advisory"], "source": "product-security@qualcomm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-704"}]}], "descriptions": [{"lang": "en", "value": "Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto"}, {"lang": "es", "value": "Una corrupci\u00f3n de memoria en multimedia debido a una conversi\u00f3n de tipo incorrecta mientras son a\u00f1adidos datos en Snapdragon Auto"}], "lastModified": "2022-09-07T21:04:28.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}