CVE-2022-40525

moderate-risk

Published 2023-06-06

Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.1/10 High

LOCAL / LOW complexity

Csr8811 Firmware

Ipq6000 Firmware

Ipq6005 Firmware

Ipq6010 Firmware

Ipq6018 Firmware

Ipq6028 Firmware

Ipq9008 Firmware

Ipq9574 Firmware

Qca4024 Firmware

Qca8072 Firmware

Qca8075 Firmware

Qca8081 Firmware

Qca8082 Firmware

Qca8084 Firmware

Qca8085 Firmware

Qca8386 Firmware

Qcn5021 Firmware

Qcn5022 Firmware

Qcn5052 Firmware

Qcn5121 Firmware

Qualcomm

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 0/34 · Minimal

Exposure 23/34 · High