9.8
CVE-2022-25727
- EPSS 0.25%
- Published 15.11.2022 10:15:14
- Last modified 22.04.2025 16:15:26
- Source product-security@qualcomm.com
- Teams watchlist Login
- Open Login
Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
Data is provided by the National Vulnerability Database (NVD)
Qualcomm ≫ Ar8031 Firmware Version-
Qualcomm ≫ Csra6620 Firmware Version-
Qualcomm ≫ Csra6640 Firmware Version-
Qualcomm ≫ Mdm8207 Firmware Version-
Qualcomm ≫ Mdm9205 Firmware Version-
Qualcomm ≫ Mdm9206 Firmware Version-
Qualcomm ≫ Mdm9207 Firmware Version-
Qualcomm ≫ Mdm9607 Firmware Version-
Qualcomm ≫ Qca4004 Firmware Version-
Qualcomm ≫ Qca4010 Firmware Version-
Qualcomm ≫ Qca4020 Firmware Version-
Qualcomm ≫ Qca4024 Firmware Version-
Qualcomm ≫ Qcs405 Firmware Version-
Qualcomm ≫ Wcd9306 Firmware Version-
Qualcomm ≫ Wcd9330 Firmware Version-
Qualcomm ≫ Wcd9335 Firmware Version-
Qualcomm ≫ Wcn3980 Firmware Version-
Qualcomm ≫ Wcn3998 Firmware Version-
Qualcomm ≫ Wcn3999 Firmware Version-
Qualcomm ≫ Wsa8810 Firmware Version-
Qualcomm ≫ Wsa8815 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.484 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| product-security@qualcomm.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.