CVE-2022-33224 MEDIUM

CVE-2022-33224: Buffer copy without checking the size of input in Core

Vendor Qualcomm, Inc.

Product Snapdragon

Weakness CWE-120

Published June 6, 2023

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.

Key dates

02Disclosure timeline

June 6, 2023 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-33224 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/120.html

Related vulnerabilities

Identifiers

CVE CVE-2022-33224

CWE CWE-120

CVSS 6.7 / MEDIUM

Affected versions

Vendor Qualcomm, Inc.

Product Snapdragon

Affected AQT1000

Vendor Qualcomm, Inc.

Product Snapdragon

Affected FastConnect 6200

Vendor Qualcomm, Inc.

Product Snapdragon

Affected FastConnect 6900

Vendor Qualcomm, Inc.

Product Snapdragon

Affected FastConnect 7800

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QAM8255P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6420

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6430

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6574AU

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6595AU

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6696

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6698AQ

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA6797AQ

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCS8155

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA6145P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA6150P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA6155P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8145P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8150P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8155P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8195P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SA8255P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SD855

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon 8 Gen 1 Mobile Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon 855 Mobile Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon 855+/860 Mobile Platform (SM8150-AC)

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon 888 5G Mobile Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon 888+ 5G Mobile Platform (SM8350-AC)

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon W5+ Gen 1 Wearable Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon Wear 4100+ Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SW5100

Vendor Qualcomm, Inc.

Product Snapdragon

Affected SW5100P

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCD9341

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCD9380

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCD9385

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCN3610

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCN3660B

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCN3680B

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCN3980

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCN3988

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WSA8810

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WSA8815

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WSA8830

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WSA8835

CVE-2022-33224: Buffer copy without checking the size of input in Core

01Description

02Disclosure timeline

03References

04Related CVE