Sign-up

ID

VAR-202212-1547


CVE

CVE-2022-25712


TITLE

Classic buffer overflow vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023285

DESCRIPTION

Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables. AQT1000 firmware, MDM9150 firmware, QCA6310 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-25712 // JVNDB: JVNDB-2022-023285

IOT TAXONOMY

category:['other device', 'embedded device']sub_category:SoC

Trust: 0.1

category:['other device', 'embedded device']sub_category:general

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:qualcommmodel:wcn3660bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcc5100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdxr1scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sw5100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sw5100pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9341scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3950scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6851scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qualcomm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8830scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6436scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd870scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9340scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6391scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdxr2 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3990scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd865 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6420scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:aqt1000scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6310scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6426scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3980scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3988scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:qualcomm215scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6420scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:aqt1000scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6436scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcc5100scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6391scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6335scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6310scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6390scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6430scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6426scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd855scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd845scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd865 5gscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd710scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd205scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:sd210scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcs610scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qcs410scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023285 // NVD: CVE-2022-25712

CVSS

SEVERITY

CVSSV2

CVSSV3

product-security@qualcomm.com: CVE-2022-25712
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2022-25712
value: HIGH

Trust: 1.0

NVD: CVE-2022-25712
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-3117
value: HIGH

Trust: 0.6

product-security@qualcomm.com: CVE-2022-25712
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2022-25712
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-25712
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023285 // CNNVD: CNNVD-202212-3117 // NVD: CVE-2022-25712 // NVD: CVE-2022-25712

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023285 // NVD: CVE-2022-25712

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3117

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3117

PATCH

title:Qualcomm Camera Driver Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=217854

Trust: 0.6

sources: CNNVD: CNNVD-202212-3117

EXTERNAL IDS

db:NVDid:CVE-2022-25712

Trust: 3.3

db:JVNDBid:JVNDB-2022-023285

Trust: 0.8

db:CNNVDid:CNNVD-202212-3117

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-023285 // CNNVD: CNNVD-202212-3117 // NVD: CVE-2022-25712

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-25712

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-25712/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-023285 // CNNVD: CNNVD-202212-3117 // NVD: CVE-2022-25712

SOURCES

db:OTHERid: -
db:JVNDBid:JVNDB-2022-023285
db:CNNVDid:CNNVD-202212-3117
db:NVDid:CVE-2022-25712

LAST UPDATE DATE

2025-04-22T20:10:18.523000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-023285date:2023-11-28T03:13:00
db:CNNVDid:CNNVD-202212-3117date:2022-12-16T00:00:00
db:NVDid:CVE-2022-25712date:2025-04-22T16:15:26.373

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-023285date:2023-11-28T00:00:00
db:CNNVDid:CNNVD-202212-3117date:2022-12-13T00:00:00
db:NVDid:CVE-2022-25712date:2022-12-13T16:15:18.750