CVE-2022-40505

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-40505
Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:qualcomm:9205_lte_modem:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:h:qualcomm:9207_lte_modem:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:qualcomm:mdm8207:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:qualcomm:qca4010:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca4010_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_1100_wearable_platform:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_1200_wearable_platform:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_wear_1300_platform:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_x5_lte_modem:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*
History

12 Apr 2024, 17:16

Type Values Removed Values Added
CWE CWE-126

09 May 2023, 16:34

Type Values Removed Values Added
CWE CWE-125
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Qualcomm snapdragon X5 Lte Modem Firmware
Qualcomm
Qualcomm snapdragon 1100 Wearable Platform
Qualcomm snapdragon Wear 1300 Platform
Qualcomm snapdragon 1200 Wearable Platform
Qualcomm qca4010 Firmware
Qualcomm mdm8207 Firmware
Qualcomm wcd9306 Firmware
Qualcomm qts110 Firmware
Qualcomm 9205 Lte Modem
Qualcomm wcd9306
Qualcomm 9205 Lte Modem Firmware
Qualcomm 9206 Lte Modem
Qualcomm wcd9330
Qualcomm 9207 Lte Modem
Qualcomm snapdragon 1100 Wearable Platform Firmware
Qualcomm wcd9330 Firmware
Qualcomm snapdragon 1200 Wearable Platform Firmware
Qualcomm 9206 Lte Modem Firmware
Qualcomm snapdragon X5 Lte Modem
Qualcomm qca4010
Qualcomm qca4004
Qualcomm mdm8207
Qualcomm qts110
Qualcomm 9207 Lte Modem Firmware
Qualcomm qca4004 Firmware
Qualcomm snapdragon Wear 1300 Platform Firmware
CPE cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_1100_wearable_platform:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:9205_lte_modem:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_wear_1300_platform:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm8207:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:9205_lte_modem_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca4010:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_x5_lte_modem:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:9207_lte_modem:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_1100_wearable_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca4010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:9207_lte_modem_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_x5_lte_modem_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_wear_1300_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_1200_wearable_platform:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_1200_wearable_platform_firmware:-:*:*:*:*:*:*:*
References (MISC) https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin - (MISC) https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin - Vendor Advisory

02 May 2023, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-02 06:15

Updated : 2024-04-12 17:16

NVD link : CVE-2022-40505

Mitre link : CVE-2022-40505

CVE.ORG link : CVE-2022-40505

JSON object : View

Products Affected

qualcomm

  • 9206_lte_modem
  • 9206_lte_modem_firmware
  • wcd9306
  • 9205_lte_modem_firmware
  • mdm8207
  • snapdragon_1100_wearable_platform
  • snapdragon_wear_1300_platform_firmware
  • wcd9330_firmware
  • snapdragon_wear_1300_platform
  • qts110
  • snapdragon_1100_wearable_platform_firmware
  • qca4004_firmware
  • snapdragon_1200_wearable_platform_firmware
  • snapdragon_1200_wearable_platform
  • snapdragon_x5_lte_modem
  • qca4010_firmware
  • wcd9330
  • qca4010
  • wcd9306_firmware
  • qca4004
  • mdm8207_firmware
  • 9207_lte_modem_firmware
  • 9205_lte_modem
  • 9207_lte_modem
  • qts110_firmware
  • snapdragon_x5_lte_modem_firmware
CWE
CWE-125

Out-of-bounds Read

CWE-126

Buffer Over-read