Details of VAR-202210-1446

ID

VAR-202210-1446

CVE

CVE-2022-25750

TITLE

Double release vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2022-019492

DESCRIPTION

Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile. kailua firmware, sg8275 firmware, sg8275p Multiple Qualcomm products, including firmware, contain a double release vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-25750 // JVNDB: JVNDB-2022-019492

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	wcn6856	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8840	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9395	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8550	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	kailua	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8845h	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sg8275	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sg8275p	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	wcd9390	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wcd9380	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sg8275	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wsa8845h	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wcn7850	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wcn6856	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	kailua	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sg8275p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wcd9385	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wsa8840	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wsa8845	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wcn7851	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sm8550	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wcn6855	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	wcd9395	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019492 // NVD: CVE-2022-25750

CVSS

SEVERITY

CVSSV2

CVSSV3

product-security@qualcomm.com:	CVE-2022-25750
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2022-25750
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-25750
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-1337
value:	HIGH
Trust: 0.6

product-security@qualcomm.com:	CVE-2022-25750
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-25750
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25750
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019492 // CNNVD: CNNVD-202210-1337 // NVD: CVE-2022-25750 // NVD: CVE-2022-25750

PROBLEMTYPE DATA

problemtype:	CWE-415	Trust: 1.0
problemtype:	Double release (CWE-415) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-019492 // NVD: CVE-2022-25750

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1337

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1337

PATCH

title:

Qualcomm BTHOST Remediation of resource management error vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=211514

Trust: 0.6

sources: CNNVD: CNNVD-202210-1337

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25750	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-019492	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-1337	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-019492 // CNNVD: CNNVD-202210-1337 // NVD: CVE-2022-25750

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25750	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25750/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-019492 // CNNVD: CNNVD-202210-1337 // NVD: CVE-2022-25750

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2022-019492
db:	CNNVD	id:	CNNVD-202210-1337
db:	NVD	id:	CVE-2022-25750

LAST UPDATE DATE

2025-05-14T20:53:27.922000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-019492	date:	2023-10-25T08:15:00
db:	CNNVD	id:	CNNVD-202210-1337	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2022-25750	date:	2025-05-13T20:15:20.920

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-019492	date:	2023-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202210-1337	date:	2022-10-19T00:00:00
db:	NVD	id:	CVE-2022-25750	date:	2022-10-19T11:15:10.953