CVE-2022-25742

moderate-risk

Published 2022-11-15

Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Do I need to act?

0.46% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Ar8031 Firmware

Csra6620 Firmware

Csra6640 Firmware

Mdm8207 Firmware

Mdm9205 Firmware

Mdm9206 Firmware

Mdm9207 Firmware

Mdm9607 Firmware

Qca4004 Firmware

Qca4010 Firmware

Qca4020 Firmware

Qca4024 Firmware

Qcs405 Firmware

Wcd9306 Firmware

Wcd9330 Firmware

Wcd9335 Firmware

Wcn3980 Firmware

Wcn3998 Firmware

Wcn3999 Firmware

Wsa8810 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/november-2022-bullet...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 20/34 · Moderate