CVE-2022-25697

moderate-risk

Published 2022-12-13

Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (16)

Sd 8 Gen1 5G Firmware

Sd429 Firmware

Sda429W Firmware

Sdm429W Firmware

Wcd9380 Firmware

Wcn3610 Firmware

Wcn3620 Firmware

Wcn3660B Firmware

Wcn3680B Firmware

Wcn3980 Firmware

Wcn6855 Firmware

Wcn6856 Firmware

Wcn7850 Firmware

Wcn7851 Firmware

Wsa8830 Firmware

Wsa8835 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/december-2022-bullet...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate