- Jul 27, 2015
Qualcomm released this month’s security bulletin for its products to reveal a total of 12 new security vulnerabilities affecting multiple chipsets, 2 of which have been rated critical in severity.
Two critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets. The vulnerabilities reside in the WLAN of Qualcomm chipsets that powers billions of Android smartphones and tablets.
Tracked as CVE-2022-25748 (CVSS score 9.8), the flaw concerns an “Integer Overflow to Buffer Overflow while parsing GTK frames” issue in Qualcomm’s WLAN component that could be exploited to trigger memory corruption that leads to arbitrary code execution. All of the smart devices using the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series are affected by the vulnerabilities. Tracked as CVE-2022-25718 (CVSS score 9.1), the flaw is a “Cryptographic” issue due to improper check on return value while authentication handshake in Qualcomm’s WLAN component.
CVE-2022-25718, CVE-2022-25748, CVE-2022-25660, CVE-2022-25661, CVE-2022-25687 CVE-2022-25736 CVE-2022-25749 were fixed in the Android Security Patch for October 2022. Users are strongly recommended to download the most recent Android security updates as soon as they are available in order to keep their Android devices protected against any potential attack.
CVE-2022-25748: Critical Vulnerability in Qualcomm Chips Affects Billions of Devices
CVE-2022-25748 (CVSS score 9.8) concerns an "Integer Overflow to Buffer Overflow while parsing GTK frames" issue in Qualcomm's WLAN component