7.8
HIGH
CVE-2022-22072
Snapdragon NDP Buffer Overflow Vulnerability
Description

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

INFO

Published Date :

June 14, 2022, 10:15 a.m.

Last Modified :

Nov. 21, 2024, 6:46 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2022-22072 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2022-22072 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm qca6574au_firmware
2 Qualcomm wcd9341_firmware
3 Qualcomm wcn3980_firmware
4 Qualcomm wcn3998_firmware
5 Qualcomm wsa8810_firmware
6 Qualcomm wsa8815_firmware
7 Qualcomm csra6620_firmware
8 Qualcomm csra6640_firmware
9 Qualcomm qca6310_firmware
10 Qualcomm qca6335_firmware
11 Qualcomm qca6564au_firmware
12 Qualcomm qca6574_firmware
13 Qualcomm qca6574a_firmware
14 Qualcomm wcd9326_firmware
15 Qualcomm wcd9335_firmware
16 Qualcomm wcd9340_firmware
17 Qualcomm wcn3990_firmware
18 Qualcomm wcn3660b_firmware
19 Qualcomm wcn3680b_firmware
20 Qualcomm sa515m_firmware
21 Qualcomm wcn3610_firmware
22 Qualcomm apq8096au_firmware
23 Qualcomm mdm9150_firmware
24 Qualcomm mdm9628_firmware
25 Qualcomm qca6564a_firmware
26 Qualcomm qca6174a_firmware
27 Qualcomm qca9377_firmware
28 Qualcomm qcs603_firmware
29 Qualcomm qcs605_firmware
30 Qualcomm sd670_firmware
31 Qualcomm sd845_firmware
32 Qualcomm sdx24_firmware
33 Qualcomm apq8009_firmware
34 Qualcomm mdm9250_firmware
35 Qualcomm mdm9650_firmware
36 Qualcomm qca4020_firmware
37 Qualcomm qca9379_firmware
38 Qualcomm sd835_firmware
39 Qualcomm sdx20_firmware
40 Qualcomm wcn3615_firmware
41 Qualcomm sd710_firmware
42 Qualcomm ar8031_firmware
43 Qualcomm qca6320_firmware
44 Qualcomm qcs405_firmware
45 Qualcomm sdxr1_firmware
46 Qualcomm wcn3999_firmware
47 Qualcomm apq8017_firmware
48 Qualcomm mdm9206_firmware
49 Qualcomm mdm9607_firmware
50 Qualcomm qca9367_firmware
51 Qualcomm wcd9330_firmware
52 Qualcomm sd820_firmware
53 Qualcomm qca6175a_firmware
54 Qualcomm sdx12_firmware
55 Qualcomm apq8053_firmware
56 Qualcomm msm8937_firmware
57 Qualcomm mdm9626_firmware
58 Qualcomm pm8937_firmware
59 Qualcomm apq8009
60 Qualcomm apq8017
61 Qualcomm apq8053
62 Qualcomm apq8096au
63 Qualcomm ar8031
64 Qualcomm csra6620
65 Qualcomm csra6640
66 Qualcomm mdm9206
67 Qualcomm mdm9607
68 Qualcomm mdm9628
69 Qualcomm mdm9650
70 Qualcomm msm8937
71 Qualcomm pm8937
72 Qualcomm qca4020
73 Qualcomm qca6174a
74 Qualcomm qca6175a
75 Qualcomm qca6310
76 Qualcomm qca6320
77 Qualcomm qca6335
78 Qualcomm qca6564a
79 Qualcomm qca6564au
80 Qualcomm qca6574
81 Qualcomm qca6574a
82 Qualcomm qca6574au
83 Qualcomm qca9379
84 Qualcomm qcs405
85 Qualcomm qcs603
86 Qualcomm qcs605
87 Qualcomm sd670
88 Qualcomm sd710
89 Qualcomm sd820
90 Qualcomm sd835
91 Qualcomm sd845
92 Qualcomm sdxr1
93 Qualcomm wcd9326
94 Qualcomm wcd9330
95 Qualcomm wcd9335
96 Qualcomm wcd9340
97 Qualcomm wcd9341
98 Qualcomm wcn3610
99 Qualcomm wcn3615
100 Qualcomm wcn3660b
101 Qualcomm wcn3680b
102 Qualcomm wcn3980
103 Qualcomm wcn3990
104 Qualcomm wcn3998
105 Qualcomm wcn3999
106 Qualcomm wsa8810
107 Qualcomm wsa8815
108 Qualcomm mdm9150
109 Qualcomm mdm9250
110 Qualcomm qca9367
111 Qualcomm qca9377
112 Qualcomm sa515m
113 Qualcomm sdx20
114 Qualcomm sdx24
115 Qualcomm mdm9626
116 Qualcomm sdx12
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-22072.

URL Resource
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Patch Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

test 反向辣鸡数据投放 CVE-2022-23305 工具 利用 教程 Exploit POC

cve-2020-

Updated: 2 years, 1 month ago
5 stars 2 fork 2 watcher
Born at : Jan. 21, 2022, 5:07 a.m. This repo has been linked 2633 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-22072 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2022-22072 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jun. 22, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin No Types Assigned https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Patch, Vendor Advisory
    Added CWE NIST NVD-CWE-Other
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ar8031:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:csra6620:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:csra6640:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:mdm9250:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:mdm9626_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:mdm9626:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:mdm9628:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:pm8937_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:pm8937:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca4020:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6175a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6175a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6310:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6320_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6320:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6335_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6335:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6564a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6564au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca9367:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs603:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa515m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd670:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd710_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd710:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd845:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdx12:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdxr1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9326:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9335:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3610:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3615:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3999:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-22072 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-22072 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10257

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability