#VU72853 Buffer over-read in Qualcomm products - CVE-2022-40535

Cybersecurity Help s.r.o.

Published: 2023-03-06

Vulnerability identifier: #VU72853

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-40535

CWE-ID: CWE-126

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CSR8811
Mobile applications / Mobile firmware & hardware
IPQ8070A
Mobile applications / Mobile firmware & hardware
IPQ8071A
Mobile applications / Mobile firmware & hardware
IPQ8072A
Mobile applications / Mobile firmware & hardware
IPQ8074A
Mobile applications / Mobile firmware & hardware
IPQ8076
Mobile applications / Mobile firmware & hardware
IPQ8076A
Mobile applications / Mobile firmware & hardware
IPQ8078
Mobile applications / Mobile firmware & hardware
IPQ8078A
Mobile applications / Mobile firmware & hardware
IPQ8173
Mobile applications / Mobile firmware & hardware
IPQ8174
Mobile applications / Mobile firmware & hardware
IPQ9008
Mobile applications / Mobile firmware & hardware
IPQ9574
Mobile applications / Mobile firmware & hardware
QCA4024
Mobile applications / Mobile firmware & hardware
QCA6390
Mobile applications / Mobile firmware & hardware
QCA6391
Mobile applications / Mobile firmware & hardware
QCA6421
Mobile applications / Mobile firmware & hardware
QCA6426
Mobile applications / Mobile firmware & hardware
QCA6431
Mobile applications / Mobile firmware & hardware
QCA6436
Mobile applications / Mobile firmware & hardware
QCA8081
Mobile applications / Mobile firmware & hardware
QCA8082
Mobile applications / Mobile firmware & hardware
QCA8084
Mobile applications / Mobile firmware & hardware
QCA8085
Mobile applications / Mobile firmware & hardware
QCA8386
Mobile applications / Mobile firmware & hardware
QCA9888
Mobile applications / Mobile firmware & hardware
QCA9889
Mobile applications / Mobile firmware & hardware
QCN5024
Mobile applications / Mobile firmware & hardware
QCN5124
Mobile applications / Mobile firmware & hardware
QCN5154
Mobile applications / Mobile firmware & hardware
QCN5164
Mobile applications / Mobile firmware & hardware
QCN6023
Mobile applications / Mobile firmware & hardware
QCN6024
Mobile applications / Mobile firmware & hardware
QCN9000
Mobile applications / Mobile firmware & hardware
QCN9024
Mobile applications / Mobile firmware & hardware
QCN9070
Mobile applications / Mobile firmware & hardware
QCN9072
Mobile applications / Mobile firmware & hardware
QCN9074
Mobile applications / Mobile firmware & hardware
QCN9274
Mobile applications / Mobile firmware & hardware
SD460
Mobile applications / Mobile firmware & hardware
SD480
Mobile applications / Mobile firmware & hardware
SD662
Mobile applications / Mobile firmware & hardware
SD680
Mobile applications / Mobile firmware & hardware
SD695
Mobile applications / Mobile firmware & hardware
SD865 5G
Mobile applications / Mobile firmware & hardware
SD870
Mobile applications / Mobile firmware & hardware
SDX55M
Mobile applications / Mobile firmware & hardware
SDX65
Mobile applications / Mobile firmware & hardware
SDX65M
Mobile applications / Mobile firmware & hardware
SM4125
Mobile applications / Mobile firmware & hardware
Snapdragon 4 Gen 1
Mobile applications / Mobile firmware & hardware
SW5100
Mobile applications / Mobile firmware & hardware
SW5100P
Mobile applications / Mobile firmware & hardware
WCD9326
Mobile applications / Mobile firmware & hardware
WCD9335
Mobile applications / Mobile firmware & hardware
WCD9370
Mobile applications / Mobile firmware & hardware
WCD9375
Mobile applications / Mobile firmware & hardware
WCD9380
Mobile applications / Mobile firmware & hardware
WCD9385
Mobile applications / Mobile firmware & hardware
WCN3910
Mobile applications / Mobile firmware & hardware
WCN3950
Mobile applications / Mobile firmware & hardware
WCN3980
Mobile applications / Mobile firmware & hardware
WCN3988
Mobile applications / Mobile firmware & hardware
WCN3991
Mobile applications / Mobile firmware & hardware
WCN3998
Mobile applications / Mobile firmware & hardware
WCN6850
Mobile applications / Mobile firmware & hardware
WCN6851
Mobile applications / Mobile firmware & hardware
WSA8810
Mobile applications / Mobile firmware & hardware
WSA8815
Mobile applications / Mobile firmware & hardware
WSA8830
Mobile applications / Mobile firmware & hardware
WSA8835
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

CSR8811: All versions

IPQ8070A: All versions

IPQ8071A: All versions

IPQ8072A: All versions

IPQ8074A: All versions

IPQ8076: All versions

IPQ8076A: All versions

IPQ8078: All versions

IPQ8078A: All versions

IPQ8173: All versions

IPQ8174: All versions

IPQ9008: All versions

IPQ9574: All versions

QCA4024: All versions

QCA6390: All versions

QCA6391: All versions

QCA6421: All versions

QCA6426: All versions

QCA6431: All versions

QCA6436: All versions

QCA8081: All versions

QCA8082: All versions

QCA8084: All versions

QCA8085: All versions

QCA8386: All versions

QCA9888: All versions

QCA9889: All versions

QCN5024: All versions

QCN5124: All versions

QCN5154: All versions

QCN5164: All versions

QCN6023: All versions

QCN6024: All versions

QCN9000: All versions

QCN9024: All versions

QCN9070: All versions

QCN9072: All versions

QCN9074: All versions

QCN9274: All versions

SD460: All versions

SD480: All versions

SD662: All versions

SD680: All versions

SD695: All versions

SD865 5G: All versions

SD870: All versions

SDX55M: All versions

SDX65: All versions

SDX65M: All versions

SM4125: All versions

Snapdragon 4 Gen 1: All versions

SW5100: All versions

SW5100P: All versions

WCD9326: All versions

WCD9335: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3991: All versions

WCN3998: All versions

WCN6850: All versions

WCN6851: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2023-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Google Android

Multiple vulnerabilities in Qualcomm chipsets