CVE-2022-40514 (GCVE-0-2022-40514)
Vulnerability from cvelistv5
Published
2023-02-09 06:58
Modified
2024-08-03 12:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Summary
Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: AQT1000 Version: AR8031 Version: AR8035 Version: AR9380 Version: CSR8811 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: IPQ5010 Version: IPQ5018 Version: IPQ5028 Version: IPQ6000 Version: IPQ6010 Version: IPQ6018 Version: IPQ6028 Version: IPQ8064 Version: IPQ8065 Version: IPQ8068 Version: IPQ8070A Version: IPQ8071A Version: IPQ8072A Version: IPQ8074A Version: IPQ8076 Version: IPQ8076A Version: IPQ8078 Version: IPQ8078A Version: IPQ8173 Version: IPQ8174 Version: IPQ9574 Version: QAM8295P Version: QCA1062 Version: QCA1064 Version: QCA2062 Version: QCA2064 Version: QCA2065 Version: QCA2066 Version: QCA4024 Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6554A Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6678AQ Version: QCA6696 Version: QCA6698AQ Version: QCA8072 Version: QCA8075 Version: QCA8081 Version: QCA8082 Version: QCA8084 Version: QCA8085 Version: QCA8337 Version: QCA8386 Version: QCA9886 Version: QCA9888 Version: QCA9889 Version: QCA9980 Version: QCA9984 Version: QCA9985 Version: QCA9986 Version: QCA9990 Version: QCA9992 Version: QCA9994 Version: QCC5100 Version: QCM2290 Version: QCM4290 Version: QCM4325 Version: QCM6125 Version: QCM6490 Version: QCN5022 Version: QCN5024 Version: QCN5052 Version: QCN5054 Version: QCN5122 Version: QCN5124 Version: QCN5152 Version: QCN5154 Version: QCN5164 Version: QCN6023 Version: QCN6024 Version: QCN6100 Version: QCN6102 Version: QCN6112 Version: QCN6122 Version: QCN6132 Version: QCN9000 Version: QCN9011 Version: QCN9012 Version: QCN9022 Version: QCN9024 Version: QCN9070 Version: QCN9072 Version: QCN9074 Version: QCN9100 Version: QCN9274 Version: QCS2290 Version: QCS405 Version: QCS410 Version: QCS4290 Version: QCS603 Version: QCS605 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QRB5165 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: QSM8350 Version: SA4150P Version: SA415M Version: SA515M Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8295P Version: SC8180X+SDX55 Version: SD 455 Version: SD 636 Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8CX Version: SD 8cx Gen2 Version: SD 8cx Gen3 Version: SD460 Version: SD480 Version: SD660 Version: SD662 Version: SD665 Version: SD670 Version: SD675 Version: SD678 Version: SD680 Version: SD690 5G Version: SD695 Version: SD710 Version: SD712 Version: SD720G Version: SD730 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD7c Version: SD835 Version: SD845 Version: SD850 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SD888 5G Version: SDM630 Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX65 Version: SDXR1 Version: SDXR2 5G Version: SG4150P Version: SM4125 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: Snapdragon 4 Gen 1 Version: SSG2115P Version: SSG2125P Version: SW5100 Version: SW5100P Version: SXR1230P Version: SXR2150P Version: SXR2230P Version: WCD9326 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN3999 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8832 Version: WSA8835 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer Electronics Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon Wearables",
"Snapdragon Wired Infrastructure and Networking"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "AR9380"
},
{
"status": "affected",
"version": "CSR8811"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "CSRB31024"
},
{
"status": "affected",
"version": "IPQ5010"
},
{
"status": "affected",
"version": "IPQ5018"
},
{
"status": "affected",
"version": "IPQ5028"
},
{
"status": "affected",
"version": "IPQ6000"
},
{
"status": "affected",
"version": "IPQ6010"
},
{
"status": "affected",
"version": "IPQ6018"
},
{
"status": "affected",
"version": "IPQ6028"
},
{
"status": "affected",
"version": "IPQ8064"
},
{
"status": "affected",
"version": "IPQ8065"
},
{
"status": "affected",
"version": "IPQ8068"
},
{
"status": "affected",
"version": "IPQ8070A"
},
{
"status": "affected",
"version": "IPQ8071A"
},
{
"status": "affected",
"version": "IPQ8072A"
},
{
"status": "affected",
"version": "IPQ8074A"
},
{
"status": "affected",
"version": "IPQ8076"
},
{
"status": "affected",
"version": "IPQ8076A"
},
{
"status": "affected",
"version": "IPQ8078"
},
{
"status": "affected",
"version": "IPQ8078A"
},
{
"status": "affected",
"version": "IPQ8173"
},
{
"status": "affected",
"version": "IPQ8174"
},
{
"status": "affected",
"version": "IPQ9574"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA1062"
},
{
"status": "affected",
"version": "QCA1064"
},
{
"status": "affected",
"version": "QCA2062"
},
{
"status": "affected",
"version": "QCA2064"
},
{
"status": "affected",
"version": "QCA2065"
},
{
"status": "affected",
"version": "QCA2066"
},
{
"status": "affected",
"version": "QCA4024"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6554A"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA8072"
},
{
"status": "affected",
"version": "QCA8075"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8082"
},
{
"status": "affected",
"version": "QCA8084"
},
{
"status": "affected",
"version": "QCA8085"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA8386"
},
{
"status": "affected",
"version": "QCA9886"
},
{
"status": "affected",
"version": "QCA9888"
},
{
"status": "affected",
"version": "QCA9889"
},
{
"status": "affected",
"version": "QCA9980"
},
{
"status": "affected",
"version": "QCA9984"
},
{
"status": "affected",
"version": "QCA9985"
},
{
"status": "affected",
"version": "QCA9986"
},
{
"status": "affected",
"version": "QCA9990"
},
{
"status": "affected",
"version": "QCA9992"
},
{
"status": "affected",
"version": "QCA9994"
},
{
"status": "affected",
"version": "QCC5100"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM4325"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN5022"
},
{
"status": "affected",
"version": "QCN5024"
},
{
"status": "affected",
"version": "QCN5052"
},
{
"status": "affected",
"version": "QCN5054"
},
{
"status": "affected",
"version": "QCN5122"
},
{
"status": "affected",
"version": "QCN5124"
},
{
"status": "affected",
"version": "QCN5152"
},
{
"status": "affected",
"version": "QCN5154"
},
{
"status": "affected",
"version": "QCN5164"
},
{
"status": "affected",
"version": "QCN6023"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6100"
},
{
"status": "affected",
"version": "QCN6102"
},
{
"status": "affected",
"version": "QCN6112"
},
{
"status": "affected",
"version": "QCN6122"
},
{
"status": "affected",
"version": "QCN6132"
},
{
"status": "affected",
"version": "QCN9000"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9022"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9070"
},
{
"status": "affected",
"version": "QCN9072"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCN9100"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS405"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS603"
},
{
"status": "affected",
"version": "QCS605"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QRB5165"
},
{
"status": "affected",
"version": "QRB5165M"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "QSM8250"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA415M"
},
{
"status": "affected",
"version": "SA515M"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SC8180X+SDX55"
},
{
"status": "affected",
"version": "SD 455"
},
{
"status": "affected",
"version": "SD 636"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD 8CX"
},
{
"status": "affected",
"version": "SD 8cx Gen2"
},
{
"status": "affected",
"version": "SD 8cx Gen3"
},
{
"status": "affected",
"version": "SD460"
},
{
"status": "affected",
"version": "SD480"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD665"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD678"
},
{
"status": "affected",
"version": "SD680"
},
{
"status": "affected",
"version": "SD690 5G"
},
{
"status": "affected",
"version": "SD695"
},
{
"status": "affected",
"version": "SD710"
},
{
"status": "affected",
"version": "SD712"
},
{
"status": "affected",
"version": "SD720G"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD750G"
},
{
"status": "affected",
"version": "SD765"
},
{
"status": "affected",
"version": "SD765G"
},
{
"status": "affected",
"version": "SD768G"
},
{
"status": "affected",
"version": "SD778G"
},
{
"status": "affected",
"version": "SD780G"
},
{
"status": "affected",
"version": "SD7c"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD845"
},
{
"status": "affected",
"version": "SD850"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SD888 5G"
},
{
"status": "affected",
"version": "SDM630"
},
{
"status": "affected",
"version": "SDX50M"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDX65"
},
{
"status": "affected",
"version": "SDXR1"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SG4150P"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM6250P"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2150P"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9360"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9371"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN3991"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN3999"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6750"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WCN7850"
},
{
"status": "affected",
"version": "WCN7851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy Without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:33:02.314Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"title": "Buffer copy without checking size of input in WLAN Firmware"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2022-40514",
"datePublished": "2023-02-09T06:58:54.343Z",
"dateReserved": "2022-09-12T09:37:28.415Z",
"dateUpdated": "2024-08-03T12:21:46.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…