Vulnerability identifier: #VU69944

Vulnerability risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-22063

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
APQ8096AU
Hardware solutions / Firmware
MDM9640
Hardware solutions / Firmware
QCA6174A
Hardware solutions / Firmware
QCA6574AU
Hardware solutions / Firmware
MDM9645
Mobile applications / Mobile firmware & hardware
QCA6174
Mobile applications / Mobile firmware & hardware
QCA6574A
Mobile applications / Mobile firmware & hardware
WCN3990
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Core component caused by improper configuration in boot remapper. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

APQ8096AU: All versions

MDM9640: All versions

MDM9645: All versions

QCA6174: All versions

QCA6174A: All versions

QCA6574A: All versions

QCA6574AU: All versions

WCN3990: All versions

---

External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/december-2022-bulletin.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.