8.4

CVE-2022-40540

Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.

Data is provided by the National Vulnerability Database (NVD)
QualcommSd 8 Gen1 5g Firmware Version-
   QualcommSm8475 Version-
QualcommSd888 5g Firmware Version-
   QualcommSd888 5g Version-
QualcommSw5100 Firmware Version-
   QualcommSw5100 Version-
QualcommSw5100p Firmware Version-
   QualcommSw5100p Version-
QualcommWcd9380 Firmware Version-
   QualcommWcd9380 Version-
QualcommWcd9385 Firmware Version-
   QualcommWcd9385 Version-
QualcommWcn3980 Firmware Version-
   QualcommWcn3980 Version-
QualcommWcn3988 Firmware Version-
   QualcommWcn3988 Version-
QualcommWcn6850 Firmware Version-
   QualcommWcn6850 Version-
QualcommWcn6851 Firmware Version-
   QualcommWcn6851 Version-
QualcommWcn6855 Firmware Version-
   QualcommWcn6855 Version-
QualcommWcn6856 Firmware Version-
   QualcommWcn6856 Version-
QualcommWcn7850 Firmware Version-
   QualcommWcn7850 Version-
QualcommWcn7851 Firmware Version-
   QualcommWcn7851 Version-
QualcommWsa8830 Firmware Version-
   QualcommWsa8830 Version-
QualcommWsa8835 Firmware Version-
   QualcommWsa8835 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.167
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.