CVE-2022-40540
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon | SD 8 Gen1 5G | affected |
| Qualcomm, Inc. | Snapdragon | SD888 5G | affected |
| Qualcomm, Inc. | Snapdragon | SW5100 | affected |
| Qualcomm, Inc. | Snapdragon | SW5100P | affected |
| Qualcomm, Inc. | Snapdragon | WCD9380 | affected |
| Qualcomm, Inc. | Snapdragon | WCD9385 | affected |
| Qualcomm, Inc. | Snapdragon | WCN3980 | affected |
| Qualcomm, Inc. | Snapdragon | WCN3988 | affected |
| Qualcomm, Inc. | Snapdragon | WCN6850 | affected |
| Qualcomm, Inc. | Snapdragon | WCN6851 | affected |
| Qualcomm, Inc. | Snapdragon | WCN6855 | affected |
| Qualcomm, Inc. | Snapdragon | WCN6856 | affected |
| Qualcomm, Inc. | Snapdragon | WCN7850 | affected |
| Qualcomm, Inc. | Snapdragon | WCN7851 | affected |
| Qualcomm, Inc. | Snapdragon | WSA8830 | affected |
| Qualcomm, Inc. | Snapdragon | WSA8835 | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CVE Program Container
Additional References
- https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin
- https://security.netapp.com/advisory/ntap-20230616-0001/
- https://bugzilla.suse.com/show_bug.cgi?id=1209597
References
- https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin
- https://security.netapp.com/advisory/ntap-20230616-0001/
- https://bugzilla.suse.com/show_bug.cgi?id=1209597
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.