8.4

CVE-2022-25693

Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommSd 8 Gen1 5g Firmware Version-
   QualcommSm8475 Version-
QualcommSm7450 Firmware Version-
   QualcommSm7450 Version-
QualcommSm8475 Firmware Version-
   QualcommSm8475 Version-
QualcommSm8475p Firmware Version-
   QualcommSm8475p Version-
QualcommWcd9370 Firmware Version-
   QualcommWcd9370 Version-
QualcommWcd9375 Firmware Version-
   QualcommWcd9375 Version-
QualcommWcd9380 Firmware Version-
   QualcommWcd9380 Version-
QualcommWcd9385 Firmware Version-
   QualcommWcd9385 Version-
QualcommWcn6750 Firmware Version-
   QualcommWcn6750 Version-
QualcommWcn6855 Firmware Version-
   QualcommWcn6855 Version-
QualcommWcn6856 Firmware Version-
   QualcommWcn6856 Version-
QualcommWcn7851 Firmware Version-
   QualcommWcn7851 Version-
QualcommWsa8830 Firmware Version-
   QualcommWsa8830 Version-
QualcommWsa8832 Firmware Version-
   QualcommWsa8832 Version-
QualcommWsa8835 Firmware Version-
   QualcommWsa8835 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.243
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.