CVE-2022-40539
10.03.2023, 21:15
Memory corruption in Automotive Android OS due to improper validation of array index.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| qualcomm | qam8295p_firmware | - |
| qualcomm | qca6574au_firmware | - |
| qualcomm | qca6696_firmware | - |
| qualcomm | qcc5100_firmware | - |
| qualcomm | qcs410_firmware | - |
| qualcomm | qcs610_firmware | - |
| qualcomm | sa6145p_firmware | - |
| qualcomm | sa6150p_firmware | - |
| qualcomm | sa6155p_firmware | - |
| qualcomm | sa8145p_firmware | - |
| qualcomm | sa8150p_firmware | - |
| qualcomm | sa8155p_firmware | - |
| qualcomm | sa8195p_firmware | - |
| qualcomm | sa8295p_firmware | - |
| qualcomm | sw5100_firmware | - |
| qualcomm | sw5100p_firmware | - |
| qualcomm | wcd9341_firmware | - |
| qualcomm | wcd9370_firmware | - |
| qualcomm | wcn3950_firmware | - |
| qualcomm | wcn3980_firmware | - |
| qualcomm | wcn3988_firmware | - |
| qualcomm | wsa8810_firmware | - |
| qualcomm | wsa8815_firmware | - |
| qualcomm | wsa8830_firmware | - |
| qualcomm | wsa8835_firmware | - |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| qualcomm | qam8295p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | qca6574au_firmware | 𝑥 ≤ * | ADP |
| qualcomm | qca6696_firmware | 𝑥 ≤ * | ADP |
| qualcomm | qcc5100_firmware | 𝑥 ≤ * | ADP |
| qualcomm | qcs410_firmware | 𝑥 ≤ * | ADP |
| qualcomm | qcs610_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sa6145p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sa6150p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sa6155p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sa8145p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sa8150p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sa8155p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sa8195p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sa8295p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sw5100_firmware | 𝑥 ≤ * | ADP |
| qualcomm | sw5100p_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wcd9341_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wcd9370_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wcn3950_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wcn3980_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wcn3988_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wsa8810_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wsa8815_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wsa8830_firmware | 𝑥 ≤ * | ADP |
| qualcomm | wsa8835_firmware | 𝑥 ≤ * | ADP |
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-129 - Improper Validation of Array IndexThe product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.