CVE-2022-33281 - OpenCVE

Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Qualcomm	Wsa8835 Wcn785x-5 Wcn685x-1 Wsa8835 Firmware Wsa8830 Wcn685x-5 Firmware Wcd9380 Firmware Sm8450 Wcd9380 Wsa8830 Firmware Wcn685x-5 Wcn685x-1 Firmware Wcn785x-1 Wcn785x-1 Firmware Sm8450 Firmware Wcn785x-5 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:qualcomm:wcn685x-5:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:qualcomm:wcn685x-1:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:qualcomm:wcn785x-1:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:wcn785x-1_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:qualcomm:wcn785x-5:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:wcn785x-5_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:qualcomm:sm8450:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:sm8450_firmware:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2023-05-02T05:08:44.233Z

Updated: 2024-04-12T16:27:30.474Z

Reserved: 2022-06-14T10:44:39.602Z

Link: CVE-2022-33281

JSON object: View

NVD Information

Status : Modified

Published: 2023-05-02T06:15:09.507

Modified: 2024-04-12T17:16:22.397

Link: CVE-2022-33281

JSON object: View

Redhat Information

No data.

CWE

CWE-129

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcn685x-5:-:*:*:*:*:*:*:*", "matchCriteriaId": "B74FDAF1-82D0-4136-BF97-25C56FCEE77C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A3CF46D-E1CB-447E-8371-15C3F49B1AA9", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcn685x-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "88D2DB07-B72B-4D44-A373-0C7EAB35F388", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A07C2049-B227-4849-85D0-B53D690C7697", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcn785x-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E9C428C-7470-4178-9029-3234086D93F1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcn785x-1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C41266FF-5555-4522-AD55-6A7CF8BA33D5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcn785x-5:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AED978B-0330-4B9B-B662-AA8E9E621996", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcn785x-5_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "04EA12D4-24E2-4FE9-8CD6-06A8E36DEB2F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm8450:-:*:*:*:*:*:*:*", "matchCriteriaId": "59DBE92C-D428-4952-B94F-B46B3A627DFD", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sm8450_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A38C0AFD-D666-423C-8903-BB026965D97C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames."}], "id": "CVE-2022-33281", "lastModified": "2024-04-12T17:16:22.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "product-security@qualcomm.com", "type": "Secondary"}]}, "published": "2023-05-02T06:15:09.507", "references": [{"source": "product-security@qualcomm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-129"}], "source": "product-security@qualcomm.com", "type": "Secondary"}]}