CVE-2022-33217

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-33217
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8475:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6855:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6856:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7850:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7851:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
History

19 Apr 2023, 17:10

Type Values Removed Values Added
CPE cpe:2.3:h:qualcomm:sd_8_gen1_5g:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sm8475:-:*:*:*:*:*:*:*
First Time Qualcomm sm8475

20 Oct 2022, 19:22

Type Values Removed Values Added
CWE CWE-120
References (CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin - (CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin - Vendor Advisory
First Time Qualcomm wsa8835
Qualcomm wsa8830
Qualcomm
Qualcomm wcd9380
Qualcomm wcn6855
Qualcomm wsa8835 Firmware
Qualcomm wsa8830 Firmware
Qualcomm wcn7850 Firmware
Qualcomm sd 8 Gen1 5g Firmware
Qualcomm wcn6856
Qualcomm wcn7851
Qualcomm wcd9380 Firmware
Qualcomm wcn6855 Firmware
Qualcomm wcn7850
Qualcomm wcn6856 Firmware
Qualcomm sd 8 Gen1 5g
Qualcomm wcn7851 Firmware
CPE cpe:2.3:h:qualcomm:sd_8_gen1_5g:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6855:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn6856:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7850:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7851:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

19 Oct 2022, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-10-19 11:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-33217

Mitre link : CVE-2022-33217

CVE.ORG link : CVE-2022-33217

JSON object : View

Products Affected

qualcomm

  • sm8475
  • wcn6855_firmware
  • wcd9380_firmware
  • wcn7850
  • wsa8835
  • wcn6856_firmware
  • wsa8830_firmware
  • wsa8830
  • wsa8835_firmware
  • wcn7851_firmware
  • wcn6856
  • sd_8_gen1_5g_firmware
  • wcn7851
  • wcn6855
  • wcd9380
  • wcn7850_firmware
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')