CVE-2022-25698

Summary

Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesSD 8 Gen1 5Gaffected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesSD429affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesSDA429Waffected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesSDM429Waffected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCD9380affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN3610affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN3620affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN3660Baffected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN3680Baffected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN3980affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN6855affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN6856affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN7850affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWCN7851affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWSA8830affected
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearablesWSA8835affected

Weaknesses

  • Improper Input Validation in SPI Buses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References