CVE-2022-40505

moderate-risk

Published 2023-05-02

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

9205 Lte Modem Firmware

9206 Lte Modem Firmware

9207 Lte Modem Firmware

Mdm8207 Firmware

Qca4004 Firmware

Qca4010 Firmware

Qts110 Firmware

Snapdragon 1100 Wearable Platform Firmware

Snapdragon 1200 Wearable Platform Firmware

Snapdragon Wear 1300 Platform Firmware

Snapdragon X5 Lte Modem Firmware

Wcd9306 Firmware

Wcd9330 Firmware

Qualcomm

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 0/34 · Minimal

Exposure 17/34 · Moderate