CVE-2022-33216 - Vulnerability Details

Description

Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file.

Published: 2023-02-09

Score: 6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`QAM8295P`	affected	—
`QCA6574A`	affected	—
`QCA6574AU`	affected	—
`QCA6595`	affected	—
`QCA6595AU`	affected	—
`QCA6696`	affected	—
`SA6145P`	affected	—
`SA6150P`	affected	—
`SA6155`	affected	—
`SA6155P`	affected	—
`SA8145P`	affected	—
`SA8150P`	affected	—
`SA8155`	affected	—
`SA8155P`	affected	—
`SA8195P`	affected	—
`SA8295P`	affected	—
`SA8540P`	affected	—
`SA9000P`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-36259	Transient Denial-of-service in Automotive due to improper input validation while parsing ELF file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin

History

No history.

Subscriptions

Qualcomm Qam8295p Qam8295p Firmware Qca6574a Qca6574a Firmware Qca6574au Qca6574au Firmware Qca6595 Qca6595 Firmware Qca6595au Qca6595au Firmware Qca6696 Qca6696 Firmware Sa6145p Sa6145p Firmware Sa6150p Sa6150p Firmware Sa6155 Sa6155 Firmware Sa6155p Sa6155p Firmware Sa8145p Sa8145p Firmware Sa8150p Sa8150p Firmware Sa8155 Sa8155 Firmware Sa8155p Sa8155p Firmware Sa8195p Sa8195p Firmware Sa8295p Sa8295p Firmware Sa8540p Sa8540p Firmware Sa9000p Sa9000p Firmware

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2023-02-09T06:58:25.463Z

Updated: 2024-08-03T08:01:20.360Z

Reserved: 2022-06-14T10:44:39.574Z

Link: CVE-2022-33216

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-12T04:15:13.760

Modified: 2024-11-21T07:07:44.803

Link: CVE-2022-33216

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object