Details of VAR-202212-1299

ID

VAR-202212-1299

CVE

CVE-2022-25711

TITLE

Array index validation vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023284

DESCRIPTION

Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. AQT1000 firmware, MDM9150 firmware, QCA6390 Multiple Qualcomm products, including firmware, contain vulnerabilities related to array index validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-25711 // JVNDB: JVNDB-2022-023284

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcc5100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8 gen1 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sw5100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sw5100p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6856	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qualcomm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6436	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd870	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9340	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr2 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	aqt1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8337	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6426	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6420	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	qualcomm215	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6420	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	aqt1000	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6436	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6696	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6145p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6595au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcc5100	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6391	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcs8155	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6390	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6430	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6426	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca8337	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa6150p	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcn9074	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcs610	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcs410	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-023284 // NVD: CVE-2022-25711

CVSS

SEVERITY

CVSSV2

CVSSV3

product-security@qualcomm.com:	CVE-2022-25711
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-25711
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-25711
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202212-3118
value:	HIGH
Trust: 0.6

product-security@qualcomm.com:	CVE-2022-25711
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-25711
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25711
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-023284 // CNNVD: CNNVD-202212-3118 // NVD: CVE-2022-25711 // NVD: CVE-2022-25711

PROBLEMTYPE DATA

problemtype:	CWE-129	Trust: 1.0
problemtype:	Improper validation of array indexes (CWE-129) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023284 // NVD: CVE-2022-25711

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3118

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3118

PATCH

title:

Qualcomm Camera Driver Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=217855

Trust: 0.6

sources: CNNVD: CNNVD-202212-3118

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25711	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-023284	Trust: 0.8
db:	CNNVD	id:	CNNVD-202212-3118	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-023284 // CNNVD: CNNVD-202212-3118 // NVD: CVE-2022-25711

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25711	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25711/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-023284 // CNNVD: CNNVD-202212-3118 // NVD: CVE-2022-25711

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2022-023284
db:	CNNVD	id:	CNNVD-202212-3118
db:	NVD	id:	CVE-2022-25711

LAST UPDATE DATE

2025-04-22T22:51:24.336000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-023284	date:	2023-11-28T03:13:00
db:	CNNVD	id:	CNNVD-202212-3118	date:	2022-12-16T00:00:00
db:	NVD	id:	CVE-2022-25711	date:	2025-04-22T16:15:26.180

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-023284	date:	2023-11-28T00:00:00
db:	CNNVD	id:	CNNVD-202212-3118	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-25711	date:	2022-12-13T16:15:18.683