Critical Vulnerability in Qualcomm Chips Affects Billions of Devices


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
Qualcomm released this month’s security bulletin for its products to reveal a total of 12 new security vulnerabilities affecting multiple chipsets, 2 of which have been rated critical in severity.

Two critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets. The vulnerabilities reside in the WLAN of Qualcomm chipsets that powers billions of Android smartphones and tablets.

Tracked as CVE-2022-25748 (CVSS score 9.8), the flaw concerns an “Integer Overflow to Buffer Overflow while parsing GTK frames” issue in Qualcomm’s WLAN component that could be exploited to trigger memory corruption that leads to arbitrary code execution. All of the smart devices using the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series are affected by the vulnerabilities. Tracked as CVE-2022-25718 (CVSS score 9.1), the flaw is a “Cryptographic” issue due to improper check on return value while authentication handshake in Qualcomm’s WLAN component.
CVE-2022-25718, CVE-2022-25748, CVE-2022-25660, CVE-2022-25661, CVE-2022-25687 CVE-2022-25736 CVE-2022-25749 were fixed in the Android Security Patch for October 2022. Users are strongly recommended to download the most recent Android security updates as soon as they are available in order to keep their Android devices protected against any potential attack.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.