CVE-2022-25712
HIGHCVSS 7.8/10EPSS 0.12%
Last modified
CVE-2022-25712 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables. EPSS estimates a 0.12% chance of exploitation in the next 30 days.
Description
Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Aqt1000 Firmware | All versions |
| Qualcomm | Mdm9150 Firmware | All versions |
| Qualcomm | Qca6310 Firmware | All versions |
| Qualcomm | Qca6335 Firmware | All versions |
| Qualcomm | Qca6390 Firmware | All versions |
| Qualcomm | Qca6391 Firmware | All versions |
| Qualcomm | Qca6420 Firmware | All versions |
| Qualcomm | Qca6426 Firmware | All versions |
| Qualcomm | Qca6430 Firmware | All versions |
| Qualcomm | Qca6436 Firmware | All versions |
| Qualcomm | Qcc5100 Firmware | All versions |
| Qualcomm | Qcs410 Firmware | All versions |
| Qualcomm | Qcs610 Firmware | All versions |
| Qualcomm | Qualcomm215 Firmware | All versions |
| Qualcomm | Sd205 Firmware | All versions |
| Qualcomm | Sd210 Firmware | All versions |
| Qualcomm | Sd710 Firmware | All versions |
| Qualcomm | Sd845 Firmware | All versions |
| Qualcomm | Sd855 Firmware | All versions |
| Qualcomm | Sd865 5g Firmware | All versions |
| Qualcomm | Sd870 Firmware | All versions |
| Qualcomm | Sda429w Firmware | All versions |
| Qualcomm | Sdx55m Firmware | All versions |
| Qualcomm | Sdxr1 Firmware | All versions |
| Qualcomm | Sdxr2 5g Firmware | All versions |
| Qualcomm | Sw5100 Firmware | All versions |
| Qualcomm | Sw5100p Firmware | All versions |
| Qualcomm | Wcd9326 Firmware | All versions |
| Qualcomm | Wcd9340 Firmware | All versions |
| Qualcomm | Wcd9341 Firmware | All versions |
| Qualcomm | Wcd9370 Firmware | All versions |
| Qualcomm | Wcd9380 Firmware | All versions |
| Qualcomm | Wcn3610 Firmware | All versions |
| Qualcomm | Wcn3660b Firmware | All versions |
| Qualcomm | Wcn3680b Firmware | All versions |
| Qualcomm | Wcn3950 Firmware | All versions |
| Qualcomm | Wcn3980 Firmware | All versions |
| Qualcomm | Wcn3988 Firmware | All versions |
| Qualcomm | Wcn3990 Firmware | All versions |
| Qualcomm | Wcn3998 Firmware | All versions |
| Qualcomm | Wcn6850 Firmware | All versions |
| Qualcomm | Wcn6851 Firmware | All versions |
| Qualcomm | Wsa8810 Firmware | All versions |
| Qualcomm | Wsa8815 Firmware | All versions |
| Qualcomm | Wsa8830 Firmware | All versions |
| Qualcomm | Wsa8835 Firmware | All versions |
References
- https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletinPatch, Vendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletinPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-25712?
Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables
How severe is CVE-2022-25712?
CVE-2022-25712 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.12% probability of exploitation in the next 30 days.
How do I fix CVE-2022-25712?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2022-25712?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST