Blog

Oct 6, 2022

2 critical Remote code execution flaws in Qualcomm Chipsets affect billions of smartphones

Posted by in categories: mobile phones, security

Twelve new security flaws impacting various chipsets were disclosed in this month’s security advisory for Qualcomm’s devices, two of which have been given a critical severity rating. Two significant flaws in Qualcomm chipsets have been identified that might allow malicious payloads to installed remotely on the Android devices.

The first vulnerability, identified as CVE-2022–25748 (CVSS score 9.8), affects Qualcomm’s WLAN component and is described as a “Integer Overflow to Buffer Overflow during parsing GTK frames”. If exploited, this issue might result in memory corruption and remote code execution. This vulnerability impact all smart devices that use the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series.

The second vulnerability, identified as CVE-2022–25718 (CVSS score 9.1), also affects Qualcomm’s WLAN component and is described as a “Cryptographic issue in WLAN due to improper check on return value while authentication handshake”. If exploited, this issue might result in memory corruption and remote code execution. This vulnerability impact all smart devices that use the Qualcomm Snapdragon APQ, CSRA, IPQ, MDM, MSM, QCA, WSA, WCN, WCD, SW, SM, SDX, SD, SA, QRB, QCS, QCN, and more series.

Comments are closed.