SB2022080220 - Multiple vulnerabilities in Qualcomm chipsets


Published: August 2, 2022

Security Bulletin ID: SB2022080220
Severity: High
Patch available: YES
Number of vulnerabilities: 16
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

  • High: 44%
  • Medium: 19%
  • Low: 38%

Description

This security bulletin contains information about 16 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2021-35109)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input in Core. An attacker with physical access can manipulate addresses from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges.


2) Input validation error (CVE-ID: CVE-2021-35108)

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to improper checking of the AP-S lock bit while verifying the secure resource group permissions in Core. An attacker with physical access can pass specially crafted input to the application and execute arbitrary code on the target system.


3) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2021-35134)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of ELF headers in Boot. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
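The header check that item 3 is about, as an added example that is not Qualcomm's code: an overflow-safe validation of an ELF32 program header table before a boot loader walks it, with a constructed test image and a hypothetical check_case() helper (struct layouts follow the ELF32 specification).

```c
/* Added example (not Qualcomm's code): overflow-safe validation of an ELF32
 * program header table, the check a boot loader must do before trusting it. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
typedef struct {                       /* ELF32 file header (layout per spec) */
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Elf32_Ehdr;
typedef struct {                       /* ELF32 program header */
    uint32_t p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align;
} Elf32_Phdr;
/* Returns 0 if the header table and every PT_LOAD segment lie inside the
 * img_len-byte image, -1 otherwise. Sizes are summed in 64 bits so crafted
 * e_phnum/e_phentsize or p_offset/p_filesz values cannot wrap a 32-bit sum. */
int elf32_validate(const uint8_t *img, size_t img_len)
{
    Elf32_Ehdr eh;
    if (img_len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f""ELF", 4) != 0 || eh.e_ident[4] != 1) return -1;
    if (eh.e_phnum == 0 || eh.e_phentsize != sizeof(Elf32_Phdr)) return -1;
    uint64_t tbl_end = (uint64_t)eh.e_phoff + (uint64_t)eh.e_phnum * eh.e_phentsize;
    if (tbl_end > img_len) return -1;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        Elf32_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != 1) continue;                         /* PT_LOAD only */
        if ((uint64_t)ph.p_offset + ph.p_filesz > img_len) return -1;
        if (ph.p_memsz < ph.p_filesz) return -1;              /* file data must fit in memory */
        if ((uint64_t)ph.p_paddr + ph.p_memsz > 0xFFFFFFFFull) return -1; /* dest wraps */
    }
    return 0;
}
/* Hypothetical helper: builds a constructed 256-byte single-segment image whose
 * p_offset/p_filesz are the fields under test and returns elf32_validate()'s verdict. */
int check_case(uint32_t p_offset, uint32_t p_filesz)
{
    static uint8_t img[256];
    Elf32_Ehdr eh = {0}; Elf32_Phdr ph = {0};
    memcpy(eh.e_ident, "\x7f""ELF\x01\x01\x01", 7);  /* magic, ELFCLASS32, LE, v1 */
    eh.e_type = 2; eh.e_machine = 40; eh.e_version = 1; eh.e_ehsize = sizeof eh;
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = 1; ph.p_offset = p_offset; ph.p_filesz = p_filesz; ph.p_memsz = p_filesz;
    memset(img, 0, sizeof img); memcpy(img, &eh, sizeof eh);
    memcpy(img + sizeof eh, &ph, sizeof ph);
    return elf32_validate(img, sizeof img);
}
```

The third case is the one a 32-bit `p_offset + p_filesz` would wrongly accept, since the sum wraps to 0x10.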


4) Cryptographic issues (CVE-ID: CVE-2021-35113)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.


5) Cryptographic issues (CVE-ID: CVE-2021-35097)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.


6) Improper Validation of Array Index (CVE-ID: CVE-2022-22059)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing video content. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Double Free (CVE-ID: CVE-2022-25668)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling ASF clips. A remote attacker can trick the victim into opening a specially crafted video file, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


8) Improper Validation of Array Index (CVE-ID: CVE-2022-22099)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Automotive Multimedia. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Out-of-bounds write (CVE-ID: CVE-2022-22061)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error when verifying device IDs. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


10) Out-of-bounds read (CVE-ID: CVE-2022-22062)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Data Modem. A remote attacker can pass specially crafted content to the system, trigger an out-of-bounds read error and read contents of memory on the system.


11) Memory leak (CVE-ID: CVE-2022-22067)

The vulnerability allows a remote attacker to perform a DoS attack on the target system.

The vulnerability exists due to a memory leak when processing NSA RRC Reconfiguration with an invalid Radio Bearer Config. A remote attacker can send specially crafted traffic to the system, force it to leak memory and perform a denial of service attack.


12) Cryptographic issues (CVE-ID: CVE-2022-22069)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists because devices with keyprotect off may store an unencrypted keybox in RPMB. A local application can gain access to potentially sensitive information.


13) Buffer overflow (CVE-ID: CVE-2022-22070)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing entries in the ARP routing table in the Video component. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


14) Integer overflow (CVE-ID: CVE-2022-22106)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in Automotive Multimedia. A remote attacker can trick the victim into opening a specially crafted file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


15) Buffer overflow (CVE-ID: CVE-2022-25680)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Automotive Multimedia. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


16) Buffer overflow (CVE-ID: CVE-2022-22080)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Audio component when validating the backend id in the PCM routing process. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install the update from the vendor's website.