CVE-2022-25750
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-03 04:49
Summary
Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Mobile",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Kailua, SG8275, SG8275P, SM8550, WCD9380, WCD9385, WCD9390, WCD9395, WCN6855, WCN6856, WCN7850, WCN7851, WSA8840, WSA8845, WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Double Free in BTHOST",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-19T00:00:00",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2022-25750",
    "datePublished": "2022-10-17T00:00:00",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:43.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-25750\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2022-10-19T11:15:10.953\",\"lastModified\":\"2024-11-21T06:52:55.503\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile\"},{\"lang\":\"es\",\"value\":\"Una corrupci\u00f3n de memoria en BTHOST debido a una doble liberaci\u00f3n mientras es reproducida m\u00fasica y son realizadas llamadas a trav\u00e9s de auriculares bluetooth en Snapdragon Mobile\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:kailua_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD29AC3F-4676-4ADB-A15D-A30D698111BA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:kailua:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3907F3D9-FCED-41AE-A47F-E4C3D1F845DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sg8275_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E4ECE56-FD6C-4A0F-A024-8AF7A7450096\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sg8275:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E26A0E2-ABC4-4B97-9DFB-FB27F95E0F07\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sg8275p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8509F3A3-A1CA-466B-9031-4146C36B9AF8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sg8275p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1813AB7-44F5-476B-9533-536F5B2F26BB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8550_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F6DE83F-F601-4560-96B0-85BC4C153A0A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C39AB5E-6BEC-4A5B-ADE1-1AFCECEF9297\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70292B01-617F-44AD-AF77-1AFC1450523D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA94C6D6-85DB-4031-AAF4-C399019AE16D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92B17201-8185-47F1-9720-5AB4ECD11B22\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1FA2EB9-416F-4D69-8786-386CC73978AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"896F1C04-9957-440F-BF01-C3772CC3B3DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90555EB-47A7-4717-92D5-35B561825F06\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"699056F6-1517-4F25-AE07-4FFCF6923B9F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4C023D2-6FF5-4FFC-B9F2-895979166580\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180EB150-C114-429D-941F-9B99CDA4F810\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn6855:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93BA62AF-3555-463A-8B51-76F07BF0B87E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54C616C5-6480-4FE0-9A1C-08026CCB08D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn6856:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D8E02BA-3A7E-4B13-A8D7-20FD0FAE3187\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16EB11D8-27A3-4D04-B863-7FD4549D0BCD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn7850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF9B5B84-3C57-4D3D-AFF0-958A19DE09E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FFC44DC-DA90-45F5-ACC1-5262D3E3A796\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn7851:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE9D9A56-2157-43F0-BB18-2B7249D7E021\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA33DE15-C177-43B3-AD50-FF797753D12E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1A5841-5BCB-4033-ACB9-23F3FCA65309\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B47BF35-3AA0-4667-842E-19B0FE30BF3C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A071672-9405-4418-9141-35CEADBB65AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7CF473-8B25-4851-91F2-1BD693CCDC85\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E591F2-8F72-4A5A-9264-2742EB2DABDA\"}]}]}],\"references\":[{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.