CVE-2022-22090

moderate-risk

Published 2022-06-14

Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (20)

Sd 8 Gen1 5G Firmware

Sd865 5G Firmware

Sd888 5G Firmware

Sdx65 Firmware

Sm7450 Firmware

Sm8475 Firmware

Sm8475P Firmware

Wcd9370 Firmware

Wcd9375 Firmware

Wcd9380 Firmware

Wcd9385 Firmware

Wcn6750 Firmware

Wcn6850 Firmware

Wcn6851 Firmware

Wcn6855 Firmware

Wcn6856 Firmware

Wcn7850 Firmware

Wcn7851 Firmware

Wsa8810 Firmware

Wsa8815 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 21/34 · High