Search criteria

32 vulnerabilities found for snapdragon_wear_1100_firmware by qualcomm

CVE-2022-33295 (GCVE-0-2022-33295)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer over-read in Modem
Summary
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:29:31.570Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer over-read in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33295",
    "datePublished": "2023-04-04T04:46:44.921Z",
    "dateReserved": "2022-06-14T10:44:39.611Z",
    "dateUpdated": "2024-08-03T08:01:20.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33294 (GCVE-0-2022-33294)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
NULL pointer dereference in Modem
Summary
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:29:28.086Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "NULL pointer dereference in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33294",
    "datePublished": "2023-04-04T04:46:43.701Z",
    "dateReserved": "2022-06-14T10:44:39.611Z",
    "dateUpdated": "2024-08-03T08:01:20.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33259 (GCVE-0-2022-33259)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer copy without checking the size of input in Modem
Summary
Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-120 - Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy Without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:29:00.342Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer copy without checking the size of input in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33259",
    "datePublished": "2023-04-04T04:46:32.158Z",
    "dateReserved": "2022-06-14T10:44:39.591Z",
    "dateUpdated": "2024-08-03T08:01:20.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33258 (GCVE-0-2022-33258)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer over-read in Modem
Summary
Information disclosure due to buffer over-read in modem while reading configuration parameters.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-33258",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T20:19:06.274943Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T20:19:12.228Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure due to buffer over-read in modem while reading configuration parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:56.911Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer over-read in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33258",
    "datePublished": "2023-04-04T04:46:30.687Z",
    "dateReserved": "2022-06-14T10:44:39.591Z",
    "dateUpdated": "2024-08-03T08:01:20.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33228 (GCVE-0-2022-33228)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer over-read in Modem
Summary
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-33228",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T16:42:57.647678Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T16:43:08.934Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:49.546Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer over-read in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33228",
    "datePublished": "2023-04-04T04:46:27.647Z",
    "dateReserved": "2022-06-14T10:44:39.578Z",
    "dateUpdated": "2024-08-03T08:01:20.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33223 (GCVE-0-2022-33223)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Null pointer dereference in Modem
Summary
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:46.066Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Null pointer dereference in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33223",
    "datePublished": "2023-04-04T04:46:26.078Z",
    "dateReserved": "2022-06-14T10:44:39.577Z",
    "dateUpdated": "2024-08-03T08:01:20.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33222 (GCVE-0-2022-33222)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer over-read in Modem
Summary
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QCA4010
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QCA4010"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure due to buffer over-read while parsing DNS response packets in Modem."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:42.632Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer over-read in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33222",
    "datePublished": "2023-04-04T04:46:24.575Z",
    "dateReserved": "2022-06-14T10:44:39.577Z",
    "dateUpdated": "2024-08-03T08:01:20.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33211 (GCVE-0-2022-33211)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Improper Input Validation in MODEM
Summary
memory corruption in modem due to improper check while calculating size of serialized CoAP message
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-33211",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T17:06:24.893473Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T17:08:30.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "memory corruption in modem due to improper check while calculating size of serialized CoAP message"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:39.182Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Improper Input Validation in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33211",
    "datePublished": "2023-04-04T04:46:23.347Z",
    "dateReserved": "2022-06-14T10:44:39.573Z",
    "dateUpdated": "2024-08-03T08:01:20.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25747 (GCVE-0-2022-25747)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2025-02-11 14:22
VLAI?
Title
Buffer Over-read in MODEM
Summary
Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T14:22:39.175178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T14:22:45.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:35.739Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer Over-read in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25747",
    "datePublished": "2023-04-04T04:46:21.972Z",
    "dateReserved": "2022-02-22T11:38:09.317Z",
    "dateUpdated": "2025-02-11T14:22:45.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25740 (GCVE-0-2022-25740)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Buffer Copy Without Checking Size of Input in MODEM
Summary
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-120 - Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25740",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T17:10:31.690045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T17:10:37.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy Without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:28.852Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer Copy Without Checking Size of Input in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25740",
    "datePublished": "2023-04-04T04:46:19.314Z",
    "dateReserved": "2022-02-22T11:38:09.313Z",
    "dateUpdated": "2024-08-03T04:49:43.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25739 (GCVE-0-2022-25739)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Null Point Dereference in MODEM
Summary
Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon AR2 Gen 1 Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: SSG2115P
Affected: SSG2125P
Affected: SXR1230P
Affected: SXR2230P
Affected: WCD9306
Affected: WCD9330
Affected: WCD9380
Affected: WCD9385
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6900_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_7800_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_ar2_gen_1_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2115p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2125p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr1230p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr2230p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9380_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9385_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8830_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8832_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8835_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25739",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T17:11:14.969354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T17:11:32.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Compute",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:25.458Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Null Point Dereference in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25739",
    "datePublished": "2023-04-04T04:46:17.961Z",
    "dateReserved": "2022-02-22T11:38:09.313Z",
    "dateUpdated": "2024-08-03T04:49:43.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25737 (GCVE-0-2022-25737)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Use of Uninitialized Variable in MODEM
Summary
Information disclosure in modem due to missing NULL check while reading packets received from local network
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-457 - Use of Uninitialized Variable
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem due to missing NULL check  while reading packets received from local network"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457 Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:22.075Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Use of Uninitialized Variable in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25737",
    "datePublished": "2023-04-04T04:46:16.687Z",
    "dateReserved": "2022-02-22T11:38:09.312Z",
    "dateUpdated": "2024-08-03T04:49:43.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25731 (GCVE-0-2022-25731)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Incorrect Calculation of Buffer Size in MODEM
Summary
Information disclosure in modem due to buffer over-read while processing packets from DNS server
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QCA4010
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QCA4010"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem due to buffer over-read while processing packets from DNS server"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:18.696Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Incorrect Calculation of Buffer Size in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25731",
    "datePublished": "2023-04-04T04:46:15.237Z",
    "dateReserved": "2022-02-22T11:38:09.310Z",
    "dateUpdated": "2024-08-03T04:49:43.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25730 (GCVE-0-2022-25730)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Buffer Over-read in MODEM
Summary
Information disclosure in modem due to improper check of IP type while processing DNS server query
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: MDM8207
Affected: QCA4004
Affected: QCA4010
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon AR2 Gen 1 Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: SSG2115P
Affected: SSG2125P
Affected: SXR1230P
Affected: SXR2230P
Affected: WCD9306
Affected: WCD9330
Affected: WCD9380
Affected: WCD9385
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_1100_wearable_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_1200_wearable_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:9205_lte_modem:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:9207_lte_modem:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6900",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_7800",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:mdm8207:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:qca4010:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4010",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_ar2_gen1_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_ar2_gen1_platform",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_wear_1300_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:ssg2115p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2115p",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:ssg2125p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2125p",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:sxr1230p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr1230p",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr2230p",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9380",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9385",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8830",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8832",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8835",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25730",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-19T16:03:34.222184Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:15:35.279Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:42.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Compute",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QCA4010"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem due to improper check of IP type while processing DNS server query"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:15.247Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer Over-read in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25730",
    "datePublished": "2023-04-04T04:46:13.925Z",
    "dateReserved": "2022-02-22T11:38:09.309Z",
    "dateUpdated": "2024-08-03T04:49:42.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25726 (GCVE-0-2022-25726)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Buffer Over-read in MODEM
Summary
Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon AR2 Gen 1 Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: SSG2115P
Affected: SSG2125P
Affected: SXR1230P
Affected: SXR2230P
Affected: WCD9306
Affected: WCD9330
Affected: WCD9380
Affected: WCD9385
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6900_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_7800_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_ar2_gen_1_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2115p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2125p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr1230p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr2230p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9380_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9385_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8830_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8832_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8835_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T21:14:37.241171Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T21:14:43.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:42.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Compute",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:11.840Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer Over-read in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25726",
    "datePublished": "2023-04-04T04:46:12.603Z",
    "dateReserved": "2022-02-22T11:38:09.302Z",
    "dateUpdated": "2024-08-03T04:49:42.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25678 (GCVE-0-2022-25678)

Vulnerability from nvd – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:42
VLAI?
Title
Buffer Copy Without Checking Size of Input in MODEM
Summary
Memory correction in modem due to buffer overwrite during coap connection
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-120 - Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25678",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T16:30:49.822230Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T16:31:06.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:42:50.661Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory correction in modem due to buffer overwrite during coap connection"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy Without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:08.390Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer Copy Without Checking Size of Input in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25678",
    "datePublished": "2023-04-04T04:46:11.198Z",
    "dateReserved": "2022-02-22T11:38:09.283Z",
    "dateUpdated": "2024-08-03T04:42:50.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33295 (GCVE-0-2022-33295)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer over-read in Modem
Summary
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:29:31.570Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer over-read in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33295",
    "datePublished": "2023-04-04T04:46:44.921Z",
    "dateReserved": "2022-06-14T10:44:39.611Z",
    "dateUpdated": "2024-08-03T08:01:20.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33294 (GCVE-0-2022-33294)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
NULL pointer dereference in Modem
Summary
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:29:28.086Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "NULL pointer dereference in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33294",
    "datePublished": "2023-04-04T04:46:43.701Z",
    "dateReserved": "2022-06-14T10:44:39.611Z",
    "dateUpdated": "2024-08-03T08:01:20.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33259 (GCVE-0-2022-33259)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer copy without checking the size of input in Modem
Summary
Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-120 - Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy Without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:29:00.342Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer copy without checking the size of input in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33259",
    "datePublished": "2023-04-04T04:46:32.158Z",
    "dateReserved": "2022-06-14T10:44:39.591Z",
    "dateUpdated": "2024-08-03T08:01:20.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33258 (GCVE-0-2022-33258)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer over-read in Modem
Summary
Information disclosure due to buffer over-read in modem while reading configuration parameters.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-33258",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T20:19:06.274943Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T20:19:12.228Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure due to buffer over-read in modem while reading configuration parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:56.911Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer over-read in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33258",
    "datePublished": "2023-04-04T04:46:30.687Z",
    "dateReserved": "2022-06-14T10:44:39.591Z",
    "dateUpdated": "2024-08-03T08:01:20.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33228 (GCVE-0-2022-33228)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer over-read in Modem
Summary
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-33228",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T16:42:57.647678Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T16:43:08.934Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.412Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:49.546Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer over-read in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33228",
    "datePublished": "2023-04-04T04:46:27.647Z",
    "dateReserved": "2022-06-14T10:44:39.578Z",
    "dateUpdated": "2024-08-03T08:01:20.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33223 (GCVE-0-2022-33223)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Null pointer dereference in Modem
Summary
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:46.066Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Null pointer dereference in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33223",
    "datePublished": "2023-04-04T04:46:26.078Z",
    "dateReserved": "2022-06-14T10:44:39.577Z",
    "dateUpdated": "2024-08-03T08:01:20.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33222 (GCVE-0-2022-33222)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Buffer over-read in Modem
Summary
Information disclosure due to buffer over-read while parsing DNS response packets in Modem.
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QCA4010
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QCA4010"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure due to buffer over-read while parsing DNS response packets in Modem."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:42.632Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer over-read in Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33222",
    "datePublished": "2023-04-04T04:46:24.575Z",
    "dateReserved": "2022-06-14T10:44:39.577Z",
    "dateUpdated": "2024-08-03T08:01:20.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33211 (GCVE-0-2022-33211)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 08:01
VLAI?
Title
Improper Input Validation in MODEM
Summary
memory corruption in modem due to improper check while calculating size of serialized CoAP message
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-33211",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T17:06:24.893473Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T17:08:30.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:01:20.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "memory corruption in modem due to improper check while calculating size of serialized CoAP message"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:39.182Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Improper Input Validation in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-33211",
    "datePublished": "2023-04-04T04:46:23.347Z",
    "dateReserved": "2022-06-14T10:44:39.573Z",
    "dateUpdated": "2024-08-03T08:01:20.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25747 (GCVE-0-2022-25747)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2025-02-11 14:22
VLAI?
Title
Buffer Over-read in MODEM
Summary
Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T14:22:39.175178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T14:22:45.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:35.739Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer Over-read in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25747",
    "datePublished": "2023-04-04T04:46:21.972Z",
    "dateReserved": "2022-02-22T11:38:09.317Z",
    "dateUpdated": "2025-02-11T14:22:45.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25740 (GCVE-0-2022-25740)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Buffer Copy Without Checking Size of Input in MODEM
Summary
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-120 - Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25740",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T17:10:31.690045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T17:10:37.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy Without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:28.852Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer Copy Without Checking Size of Input in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25740",
    "datePublished": "2023-04-04T04:46:19.314Z",
    "dateReserved": "2022-02-22T11:38:09.313Z",
    "dateUpdated": "2024-08-03T04:49:43.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25739 (GCVE-0-2022-25739)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Null Point Dereference in MODEM
Summary
Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon AR2 Gen 1 Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: SSG2115P
Affected: SSG2125P
Affected: SXR1230P
Affected: SXR2230P
Affected: WCD9306
Affected: WCD9330
Affected: WCD9380
Affected: WCD9385
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6900_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_7800_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_ar2_gen_1_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_ar2_gen_1_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_modem_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:ssg2115p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2115p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:ssg2125p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2125p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sxr1230p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr1230p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr2230p_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9380_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9385_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8830_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8832_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8835_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25739",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T17:11:14.969354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T17:11:32.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Compute",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:25.458Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Null Point Dereference in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25739",
    "datePublished": "2023-04-04T04:46:17.961Z",
    "dateReserved": "2022-02-22T11:38:09.313Z",
    "dateUpdated": "2024-08-03T04:49:43.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25737 (GCVE-0-2022-25737)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Use of Uninitialized Variable in MODEM
Summary
Information disclosure in modem due to missing NULL check while reading packets received from local network
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-457 - Use of Uninitialized Variable
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem due to missing NULL check  while reading packets received from local network"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-457",
              "description": "CWE-457 Use of Uninitialized Variable",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:22.075Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Use of Uninitialized Variable in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25737",
    "datePublished": "2023-04-04T04:46:16.687Z",
    "dateReserved": "2022-02-22T11:38:09.312Z",
    "dateUpdated": "2024-08-03T04:49:43.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25731 (GCVE-0-2022-25731)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Incorrect Calculation of Buffer Size in MODEM
Summary
Information disclosure in modem due to buffer over-read while processing packets from DNS server
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: MDM8207
Affected: QCA4004
Affected: QCA4010
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: WCD9306
Affected: WCD9330
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QCA4010"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem due to buffer over-read while processing packets from DNS server"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:18.696Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Incorrect Calculation of Buffer Size in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25731",
    "datePublished": "2023-04-04T04:46:15.237Z",
    "dateReserved": "2022-02-22T11:38:09.310Z",
    "dateUpdated": "2024-08-03T04:49:43.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25730 (GCVE-0-2022-25730)

Vulnerability from cvelistv5 – Published: 2023-04-04 04:46 – Updated: 2024-08-03 04:49
VLAI?
Title
Buffer Over-read in MODEM
Summary
Information disclosure in modem due to improper check of IP type while processing DNS server query
Severity ?
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 9205 LTE Modem
Affected: 9206 LTE Modem
Affected: 9207 LTE Modem
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: MDM8207
Affected: QCA4004
Affected: QCA4010
Affected: QTS110
Affected: Snapdragon 1100 Wearable Platform
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon AR2 Gen 1 Platform
Affected: Snapdragon Wear 1300 Platform
Affected: Snapdragon X5 LTE Modem
Affected: SSG2115P
Affected: SSG2125P
Affected: SXR1230P
Affected: SXR2230P
Affected: WCD9306
Affected: WCD9330
Affected: WCD9380
Affected: WCD9385
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_1100_wearable_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1100_wearable_platform",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_1200_wearable_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_1200_wearable_platform",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:9205_lte_modem:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9205_lte_modem",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9206_lte_modem",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:9207_lte_modem:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "9207_lte_modem",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6900",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_7800",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:mdm8207:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mdm8207",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4004",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:qca4010:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qca4010",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts110",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_ar2_gen1_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_ar2_gen1_platform",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:snapdragon_wear_1300_platform:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_wear_1300_platform",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_x5_lte_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_x5_lte_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:ssg2115p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2115p",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:ssg2125p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ssg2125p",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:sxr1230p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr1230p",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sxr2230p",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9306",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9330",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9380",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9385",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8830",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8832",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8835",
            "vendor": "qualcomm",
            "versions": [
              {
                "status": "affected",
                "version": "-"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25730",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-19T16:03:34.222184Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:15:35.279Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:42.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Compute",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "9207 LTE Modem"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "MDM8207"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QCA4010"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1100 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information disclosure in modem due to improper check of IP type while processing DNS server query"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:15.247Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin"
        }
      ],
      "title": "Buffer Over-read in MODEM"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25730",
    "datePublished": "2023-04-04T04:46:13.925Z",
    "dateReserved": "2022-02-22T11:38:09.309Z",
    "dateUpdated": "2024-08-03T04:49:42.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}