Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Physical

CVE-2022-22079

Disclosure Date: January 09, 2023 •

CVE-2022-22079 CVSS v3 Base Score: 4.6

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Denial of service while processing fastboot flash command on mmc due to buffer over read

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

4.6 Medium

Impact Score:

3.6

Exploitability Score:

0.9

Vector:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Physical

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Snapdragon APQ8009

Snapdragon APQ8009W

Snapdragon APQ8064AU

Snapdragon APQ8096AU

Snapdragon MDM9150

Snapdragon MDM9250

Snapdragon MDM9628

Snapdragon MDM9650

Snapdragon MSM8108

Snapdragon MSM8208

Snapdragon MSM8209

Snapdragon MSM8608

Snapdragon MSM8909W

Snapdragon MSM8996AU

Snapdragon QCA4020

Snapdragon QCA6174A

Snapdragon QCA6564A

Snapdragon QCA6564AU

Snapdragon QCA6574

Snapdragon QCA6574A

Snapdragon QCA6574AU

Snapdragon QCA6584AU

Snapdragon QCA9377

Snapdragon QCA9379

Snapdragon Qualcomm215

Snapdragon SD210

Snapdragon SD429

Snapdragon SD625

Snapdragon SD626

Snapdragon SD835

Snapdragon SDA429W

Snapdragon SDM429W

Snapdragon SDW2500

Snapdragon SDX20

Snapdragon SDX20M

Snapdragon WCD9326

Snapdragon WCD9335

Snapdragon WCN3610

Snapdragon WCN3615

Snapdragon WCN3620

Snapdragon WCN3660B

Snapdragon WCN3680

Snapdragon WCN3680B

Snapdragon WCN3980

Snapdragon WCN3990

Snapdragon WSA8815

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

qualcomm

Products

apq8009 firmware -,
apq8009w firmware -,
apq8064au firmware -,
apq8096au firmware -,
mdm9150 firmware -,
mdm9250 firmware -,
mdm9628 firmware -,
mdm9650 firmware -,
msm8108 firmware -,
msm8208 firmware -,
msm8209 firmware -,
msm8608 firmware -,
msm8909w firmware -,
msm8996au firmware -,
qca4020 firmware -,
qca6174a firmware -,
qca6564a firmware -,
qca6564au firmware -,
qca6574 firmware -,
qca6574a firmware -,
qca6574au firmware -,
qca6584au firmware -,
qca9377 firmware -,
qca9379 firmware -,
qualcomm215 firmware -,
sd210 firmware -,
sd429 firmware -,
sd625 firmware -,
sd626 firmware -,
sd835 firmware -,
sda429w firmware -,
sdm429w firmware -,
sdw2500 firmware -,
sdx20 firmware -,
sdx20m firmware -,
wcd9326 firmware -,
wcd9335 firmware -,
wcn3610 firmware -,
wcn3615 firmware -,
wcn3620 firmware -,
wcn3660b firmware -,
wcn3680 firmware -,
wcn3680b firmware -,
wcn3980 firmware -,
wcn3990 firmware -,
wsa8815 firmware -

References

Canonical

CVE-2022-22079 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22079)

Miscellaneous

https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin

Rapid7

Unknown

CVE-2022-22079

Unknown

Unknown

None

None

Physical

CVE-2022-22079

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2022-22079

Unknown

Unknown

None

None

Physical

CVE-2022-22079

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification