Critical Vulnerability in Qualcomm Chips Affects Billions of Devices

upnorth

Qualcomm released this month’s security bulletin for its products to reveal a total of 12 new security vulnerabilities affecting multiple chipsets, 2 of which have been rated critical in severity.

Two critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets. The vulnerabilities reside in the WLAN of Qualcomm chipsets that powers billions of Android smartphones and tablets.

Tracked as CVE-2022-25748 (CVSS score 9.8), the flaw concerns an “Integer Overflow to Buffer Overflow while parsing GTK frames” issue in Qualcomm’s WLAN component that could be exploited to trigger memory corruption that leads to arbitrary code execution. All of the smart devices using the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series are affected by the vulnerabilities. Tracked as CVE-2022-25718 (CVSS score 9.1), the flaw is a “Cryptographic” issue due to an improper check on the return value during the authentication handshake in Qualcomm’s WLAN component.
CVE-2022-25718, CVE-2022-25748, CVE-2022-25660, CVE-2022-25661, CVE-2022-25687, CVE-2022-25736, and CVE-2022-25749 were fixed in the Android Security Patch for October 2022. Users are strongly recommended to download the most recent Android security updates as soon as they are available in order to keep their Android devices protected against any potential attack.
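
An added illustration, not part of the original post and not Qualcomm's code: the bug class named above ("Integer Overflow to Buffer Overflow") arises when a length field taken from a frame is used in arithmetic before it is validated. The sketch parses one GTK key data element using the public IEEE 802.11 layout and shows the checks that keep that arithmetic from wrapping; the function name, the `GTK_MAX_LEN` limit and the sample frame are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GTK_MAX_LEN   32u /* assumed upper bound on key size for this example */
#define KDE_HDR_LEN   2u  /* type (0xdd) + one-byte length */
#define GTK_KDE_FIXED 6u  /* OUI(3) + data type(1) + key id/tx(1) + reserved(1) */

/* Copies the GTK out of the KDE at buf[off]; returns key length, -1 if malformed. */
int parse_gtk_kde(const uint8_t *buf, size_t buf_len, size_t off,
                  uint8_t out[GTK_MAX_LEN])
{
    static const uint8_t gtk_sel[4] = { 0x00, 0x0f, 0xac, 0x01 };

    /* Subtract from the trusted total instead of adding to the untrusted
       offset, so the comparison itself cannot wrap. */
    if (off > buf_len || buf_len - off < KDE_HDR_LEN)
        return -1;
    if (buf[off] != 0xdd)
        return -1;

    size_t kde_len = buf[off + 1];            /* sender-controlled length */
    if (kde_len > buf_len - off - KDE_HDR_LEN)
        return -1;                            /* body runs past the frame */
    if (kde_len <= GTK_KDE_FIXED)
        return -1;                            /* kde_len - 6 would wrap or be empty */
    if (memcmp(buf + off + KDE_HDR_LEN, gtk_sel, sizeof gtk_sel) != 0)
        return -1;

    size_t key_len = kde_len - GTK_KDE_FIXED; /* safe: kde_len > 6 checked above */
    if (key_len > GTK_MAX_LEN)
        return -1;                            /* would overflow out[] */

    memcpy(out, buf + off + KDE_HDR_LEN + GTK_KDE_FIXED, key_len);
    return (int)key_len;
}

int main(void)
{
    /* Constructed sample: a KDE whose length byte (4) is below the fixed header. */
    const uint8_t bad[8] = { 0xdd, 4, 0x00, 0x0f, 0xac, 0x01, 0x01, 0x00 };
    uint8_t key[GTK_MAX_LEN];
    return parse_gtk_kde(bad, sizeof bad, 0, key) == -1 ? 0 : 1;
}
```

Without the `kde_len <= GTK_KDE_FIXED` check, the subtraction would yield a huge unsigned value and the copy would run far past both buffers, which is the overflow-to-overflow pattern the advisory title describes.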
 
