CVE-2022-25664

high-risk

Published 2022-10-19

Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Do I need to act?

0.26% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.2/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Apq8009 Firmware

Apq8052 Firmware

Apq8053 Firmware

Apq8056 Firmware

Apq8076 Firmware

Apq8096Au Firmware

Aqt1000 Firmware

Mdm9150 Firmware

Mdm9650 Firmware

Msm8108 Firmware

Msm8208 Firmware

Msm8209 Firmware

Msm8608 Firmware

Msm8952 Firmware

Msm8953 Firmware

Msm8956 Firmware

Msm8976 Firmware

Msm8976Sg Firmware

Msm8996Au Firmware

Qam8295P Firmware

Affected Vendors

Qualcomm

References (4)

http://packetstormsecurity.com/files/172853/Qualcomm-Adreno-GPU-Information-Leak...

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulleti...

http://packetstormsecurity.com/files/172853/Qualcomm-Adreno-GPU-Information-Leak...

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulleti...

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 31/34 · Critical