CVE-2022-25745 - Vulnerability Details

- Always Incorrect Control Flow Implementation in MODEM

Description

Memory corruption in modem due to improper input validation while handling the incoming CoAP message

Published: 2023-04-04

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`9205 LTE Modem`	affected	—
`QCA4004`	affected	—
`QTS110`	affected	—
`Snapdragon Wear 1300 Platform`	affected	—
`WCD9306`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9205:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca4004:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qts110:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_wear_1300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_wear_1300:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-30400	Memory corruption in modem due to improper input validation while handling the incoming CoAP message

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00322.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

History

No history.

Subscriptions

Qualcomm Mdm9205 Mdm9205 Firmware Qca4004 Qca4004 Firmware Qts110 Qts110 Firmware Snapdragon Wear 1300 Snapdragon Wear 1300 Firmware Wcd9306 Wcd9306 Firmware

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2023-04-04T04:46:20.679Z

Updated: 2024-08-03T04:49:42.803Z

Reserved: 2022-02-22T11:38:09.315Z

Link: CVE-2022-25745

Vulnrichment

Updated: 2024-08-03T04:49:42.803Z

NVD

Status : Modified

Published: 2023-04-13T07:15:13.253

Modified: 2024-11-21T06:52:53.990

Link: CVE-2022-25745

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-670

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object