CVE-2022-33296 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
qualcomm	CNA	5.9 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	315_5g_iot_modem_firmware	-
qualcomm	apq8017_firmware	-
qualcomm	aqt1000_firmware	-
qualcomm	ar8035_firmware	-
qualcomm	csrb31024_firmware	-
qualcomm	wcn3998_firmware	-
qualcomm	qca6390_firmware	-
qualcomm	wcn685x-5_firmware	-
qualcomm	wcn685x-1_firmware	-
qualcomm	wcn785x-1_firmware	-
qualcomm	wcn785x-5_firmware	-
qualcomm	mdm9628_firmware	-
qualcomm	qca6310_firmware	-
qualcomm	qca6320_firmware	-
qualcomm	qca6391_firmware	-
qualcomm	qca6421_firmware	-
qualcomm	qca6426_firmware	-
qualcomm	qca6431_firmware	-
qualcomm	qca6436_firmware	-
qualcomm	qca6564a_firmware	-
qualcomm	qca6564au_firmware	-
qualcomm	qca6574a_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qca6595au_firmware	-
qualcomm	qca6696_firmware	-
qualcomm	qca6698aq_firmware	-
qualcomm	qca8081_firmware	-
qualcomm	qca8337_firmware	-
qualcomm	qcm6125_firmware	-
qualcomm	qcn6024_firmware	-
qualcomm	qcn9024_firmware	-
qualcomm	qcs410_firmware	-
qualcomm	qcs610_firmware	-
qualcomm	qcs6125_firmware	-
qualcomm	8905_firmware	-
qualcomm	qm215_firmware	-
qualcomm	sd670_firmware	-
qualcomm	sd675_firmware	-
qualcomm	sd730_firmware	-
qualcomm	sd7c_firmware	-
qualcomm	sd835_firmware	-
qualcomm	sd855_firmware	-
qualcomm	sd865_5g_firmware	-
qualcomm	sdx55_firmware	-
qualcomm	sm6250_firmware	-
qualcomm	sm6250p_firmware	-
qualcomm	sm7250p_firmware	-
qualcomm	8909_firmware	-
qualcomm	sm4375_firmware	-
qualcomm	8917_firmware	-
qualcomm	sdm429_firmware	-
qualcomm	sdm439_firmware	-
qualcomm	sm4350_firmware	-
qualcomm	sm4350-ac_firmware	-
qualcomm	sm6125_firmware	-
qualcomm	sdm670_firmware	-
qualcomm	sm6150_firmware	-
qualcomm	sm6150-ac_firmware	-
qualcomm	sm6350_firmware	-
qualcomm	sm6375_firmware	-
qualcomm	sdm710_firmware	-
qualcomm	sdm712_firmware	-
qualcomm	sm7125_firmware	-
qualcomm	sm7150-aa_firmware	-
qualcomm	sm7150-ab_firmware	-
qualcomm	sm7150-ac_firmware	-
qualcomm	sm7225_firmware	-
qualcomm	sm7250-aa_firmware	-
qualcomm	sm7250-ab_firmware	-
qualcomm	sm7250-ac_firmware	-
qualcomm	sm8450_firmware	-
qualcomm	snapdragon_835_mobile_platform_firmware	-
qualcomm	sm8150_firmware	-
qualcomm	sm8150-ac_firmware	-
qualcomm	sm8250_firmware	-
qualcomm	sm8250-ab_firmware	-
qualcomm	sm8250-ac_firmware	-
qualcomm	snapdragon_auto_5g_modem-rf_firmware	-
qualcomm	snapdragon_w5\+_gen_1_wearable_platform_firmware	-
qualcomm	snapdragon_x5_lte_modem_firmware	-
qualcomm	snapdragon_x50_5g_modem-rf_system_firmware	-
qualcomm	snapdragon_x55_5g_modem-rf_system_firmware	-
qualcomm	snapdragon_x65_5g_modem-rf_system_firmware	-
qualcomm	snapdragon_x70_modem-rf_system_firmware	-
qualcomm	snapdragon_xr1_platform_firmware	-
qualcomm	snapdragon_xr2_5g_platform_firmware	-
qualcomm	snapdragon_auto_4g_modem_firmware	-
qualcomm	sw5100_firmware	-
qualcomm	sw5100p_firmware	-
qualcomm	sxr1120_firmware	-
qualcomm	sxr2130_firmware	-
qualcomm	qcs603_firmware	-
qualcomm	qcs605_firmware	-
qualcomm	wcd9326_firmware	-
qualcomm	wcd9335_firmware	-
qualcomm	wcd9340_firmware	-
qualcomm	wcd9341_firmware	-
qualcomm	wcd9370_firmware	-
qualcomm	wcd9371_firmware	-
qualcomm	wcd9375_firmware	-
qualcomm	wcd9380_firmware	-
qualcomm	wcd9385_firmware	-
qualcomm	wcn3610_firmware	-
qualcomm	wcn3615_firmware	-
qualcomm	wcn3660b_firmware	-
qualcomm	wcn3680b_firmware	-
qualcomm	wcn3950_firmware	-
qualcomm	wcn3980_firmware	-
qualcomm	wcn3988_firmware	-
qualcomm	wcn3990_firmware	-
qualcomm	wsa8810_firmware	-
qualcomm	wsa8815_firmware	-
qualcomm	wsa8830_firmware	-
qualcomm	wsa8835_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-680 - Integer Overflow to Buffer Overflow
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin