Sign-up

ID

VAR-202209-1131


CVE

CVE-2022-22105


TITLE

Integer overflow vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2022-016541

DESCRIPTION

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music. APQ8009 firmware, APQ8017 firmware, APQ8053 Multiple Qualcomm products, including firmware, contain an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Qualcomm chips are chips from Qualcomm Corporation. A way of miniaturizing circuits (mainly semiconductor devices, but also passive components, etc.) and often fabricated on the surface of a semiconductor wafer

Trust: 2.25

sources: NVD: CVE-2022-22105 // JVNDB: JVNDB-2022-016541 // CNNVD: CNNVD-202209-1223 // VULMON: CVE-2022-22105

IOT TAXONOMY

category:['other device', 'embedded device']sub_category:SoC

Trust: 0.1

category:['other device', 'embedded device']sub_category:general

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:qualcommmodel:ar8031scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa415mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3660bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa515mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9367scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca4020scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8195pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csrb31024scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9360scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3999scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csra6640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6696scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csra6620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9379scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9628scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9626scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3980scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:mdm9626scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6174ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9628scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9250scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6564auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6564ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ar8031scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca4020scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csrb31024scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csra6620scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8017scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csra6640scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016541 // NVD: CVE-2022-22105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22105
value: CRITICAL

Trust: 1.0

product-security@qualcomm.com: CVE-2022-22105
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-22105
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202209-1223
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-22105
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2022-22105
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-22105
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016541 // CNNVD: CNNVD-202209-1223 // NVD: CVE-2022-22105 // NVD: CVE-2022-22105

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-016541 // NVD: CVE-2022-22105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-1223

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202209-1223

PATCH

title:Qualcomm Repair measures for chip input verification errorsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210487

Trust: 0.6

sources: CNNVD: CNNVD-202209-1223

EXTERNAL IDS

db:NVDid:CVE-2022-22105

Trust: 3.4

db:JVNDBid:JVNDB-2022-016541

Trust: 0.8

db:CNNVDid:CNNVD-202209-1223

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2022-22105

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-22105 // JVNDB: JVNDB-2022-016541 // CNNVD: CNNVD-202209-1223 // NVD: CVE-2022-22105

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/september-2022-bulletin

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22105

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22105/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-22105 // JVNDB: JVNDB-2022-016541 // CNNVD: CNNVD-202209-1223 // NVD: CVE-2022-22105

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2022-22105
db:JVNDBid:JVNDB-2022-016541
db:CNNVDid:CNNVD-202209-1223
db:NVDid:CVE-2022-22105

LAST UPDATE DATE

2025-01-30T19:58:42.290000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-22105date:2022-09-16T00:00:00
db:JVNDBid:JVNDB-2022-016541date:2023-10-05T04:30:00
db:CNNVDid:CNNVD-202209-1223date:2022-10-14T00:00:00
db:NVDid:CVE-2022-22105date:2022-09-20T13:17:06.497

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-22105date:2022-09-16T00:00:00
db:JVNDBid:JVNDB-2022-016541date:2023-10-05T00:00:00
db:CNNVDid:CNNVD-202209-1223date:2022-09-16T00:00:00
db:NVDid:CVE-2022-22105date:2022-09-16T06:15:10.487